Trojaner-Board


mcflash99 23.09.2012 21:45

Win7 32-bit: GVU 2.07 with camera
 
Hello everyone,

A friend has given me a computer that is infected with GVU 2.07. Using Safe Mode, I was able to create a new administrator account, under which the problem does not occur. With that account I was also able to run an OTL scan (across all users) and a Malwarebytes scan. I have attached the resulting logs here.

I would be glad if you could help me remove the trojan.

Best regards,
mcflash99

cosinus 24.09.2012 11:58

Please post all logs here in CODE tags where possible.

This is how it is done:

[code] the log goes here [/code]

And the result then looks like this:

Code:

the log goes here

mcflash99 24.09.2012 14:20

OK, here is everything again as code:

OTL.txt:
Code:

OTL logfile created on: 9/23/2012 10:07:10 PM - Run 1
OTL by OldTimer - Version 3.2.66.0    Folder = C:\Users\Owner2\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1015.24 Mb Total Physical Memory | 222.90 Mb Available Physical Memory | 21.96% Memory free
1.99 Gb Paging File | 1.19 Gb Available in Paging File | 59.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.03 Gb Total Space | 64.78 Gb Free Space | 46.60% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Owner2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/09/23 21:14:08 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Owner2\Desktop\OTL.exe
PRC - [2011/07/01 23:22:31 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/04/27 13:46:01 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/02 21:45:15 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/29 11:18:52 | 000,751,592 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
PRC - [2010/01/14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/02 18:09:54 | 000,246,272 | ---- | M] () -- C:\Program Files\Mobile Partner Manager\AssistantServices.exe
PRC - [2009/12/02 18:08:52 | 000,132,096 | ---- | M] () -- C:\Program Files\Mobile Partner Manager\UIExec.exe
PRC - [2009/10/16 15:43:28 | 001,021,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2009/10/14 04:34:34 | 000,628,016 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Security\VizorHtmlDialog.exe
PRC - [2009/09/25 20:04:10 | 000,115,888 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\SystemSetting\WallPaperAgent.exe
PRC - [2009/09/15 02:05:56 | 000,044,312 | ---- | M] () -- C:\Program Files\ASUS\Game Park\GameConsole\OberonGameConsoleService.exe
PRC - [2009/09/11 05:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009/08/12 22:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009/07/20 11:47:14 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009/12/02 18:08:52 | 000,132,096 | ---- | M] () -- C:\Program Files\Mobile Partner Manager\UIExec.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV - [2012/07/29 05:26:03 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/07/01 23:22:31 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 13:46:01 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009/12/02 18:09:54 | 000,246,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Mobile Partner Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009/09/15 02:05:56 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\Game Park\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwrchid.sys -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwavdt.sys -- (btwavdt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2012/09/23 21:02:18 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/01 23:22:33 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/01 23:22:33 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/10/29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/10/29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/10/29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/10/29 19:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/10/14 02:33:32 | 000,167,952 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/10/14 02:33:32 | 000,083,344 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/10/14 02:33:32 | 000,058,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2009/10/14 02:33:32 | 000,052,752 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/10/05 18:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/27 09:06:45 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009/07/20 11:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009/07/06 10:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.3.37: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.3.37: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.3.37: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.3.37: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.3.37: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/26 11:34:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/29 05:26:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/23 21:10:10 | 000,000,000 | ---D | M]
 
[2012/09/23 21:10:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/23 21:10:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2011/10/17 20:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/10/17 20:57:57 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
[2012/07/29 05:26:05 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/05/17 21:48:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/05/17 21:48:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/17 21:48:58 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/05/17 21:48:58 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/05/17 21:48:58 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/05/17 21:48:58 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Owner2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (ASUS Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\ASUS\SystemSetting\StarterHelper.dll (ASUSTeK Computer Inc.)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [HotKeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Mobile Partner Manager\UIExec.exe ()
O4 - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Security\VizorHtmlDialog.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-782359419-2307183593-61034220-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-782359419-2307183593-61034220-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} hxxp://www.pixum.de/apps/EasyUploadX.cab (Pixum EasyUploadX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38B2D3DF-952F-4C07-A567-A559EC1145D5}: DhcpNameServer = 62.179.104.196 213.46.228.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7F131BC-7F3C-45CE-8059-189F353EEE76}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-782359419-2307183593-61034220-1001 Winlogon: Shell - (C:\Program Files\asus\SystemSetting\WallPaperAgent.exe) - C:\Program Files\ASUS\SystemSetting\WallPaperAgent.exe (ASUSTeK Computer Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/09/23 21:41:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/23 21:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/09/23 21:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/09/23 21:38:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/09/23 21:14:03 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Users\Owner2\Desktop\OTL.exe
[2012/09/23 21:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/23 21:04:17 | 000,000,000 | ---D | C] -- C:\Users\Owner2\AppData\Local\Apple
[2012/09/23 21:01:33 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012/09/23 21:01:32 | 000,000,000 | ---D | C] -- C:\Users\Owner2\AppData\Roaming\Malwarebytes
[2012/09/23 21:01:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/23 21:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/23 21:00:58 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/09/23 21:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/23 20:57:37 | 000,000,000 | ---D | C] -- C:\Users\Owner2\AppData\Local\Google
[2012/09/23 20:53:47 | 000,000,000 | ---D | C] -- C:\Users\Owner2\AppData\Local\VirtualStore
[2012/09/23 20:53:25 | 000,000,000 | -HSD | C] -- C:\Users\Owner2\AppData\Local\Temporary Internet Files
[2012/09/23 20:53:25 | 000,000,000 | -HSD | C] -- C:\Users\Owner2\Templates
[2012/09/23 20:53:25 | 000,000,000 | -HSD | C] -- C:\Users\Owner2\Start Menu
[2012/09/23 20:53:25 | 000,000,000 | -HSD | C] -- C:\Users\Owner2\SendTo
[2012/09/23 20:53:25 | 000,000,000 | -HSD | C] -- C:\Users\Owner2\Recent
[2012/09/23 20:53:25 | 000,000,000 | -HSD | C] -- C:\Users\Owner2\PrintHood
[2012/09/23 20:53:25 | 000,000,000 | -HSD | C] -- C:\Users\Owner2\NetHood
[2012/09/23 20:53:25 | 000,000,000 | -HSD | C] -- C:\Users\Owner2\Documents\My Videos
[2012/09/23 20:53:25 | 000,000,000 | -HSD | C] -- C:\Users\Owner2\Documents\My Pictures
[2012/09/23 20:53:25 | 000,000,000 | -HSD | C] -- C:\Users\Owner2\Documents\My Music
[2012/09/23 20:53:25 | 000,000,000 | -HSD | C] -- C:\Users\Owner2\Local Settings
[2012/09/23 20:53:25 | 000,000,000 | -HSD | C] -- C:\Users\Owner2\AppData\Local\History
[2012/09/23 20:53:25 | 000,000,000 | -HSD | C] -- C:\Users\Owner2\Cookies
[2012/09/23 20:53:25 | 000,000,000 | -HSD | C] -- C:\Users\Owner2\Application Data
[2012/09/23 20:53:25 | 000,000,000 | -HSD | C] -- C:\Users\Owner2\AppData\Local\Application Data
[2012/09/23 20:53:24 | 000,000,000 | -HSD | C] -- C:\Users\Owner2\My Documents
[2012/09/23 20:53:17 | 000,000,000 | ---D | C] -- C:\Users\Owner2\AppData\Local\Broadcom
[2012/09/23 20:53:17 | 000,000,000 | ---D | C] -- C:\Users\Owner2\AppData\Local\Adobe
[2012/09/23 20:53:16 | 000,000,000 | --SD | C] -- C:\Users\Owner2\AppData\Roaming\Microsoft
[2012/09/23 20:53:16 | 000,000,000 | R--D | C] -- C:\Users\Owner2\Videos
[2012/09/23 20:53:16 | 000,000,000 | R--D | C] -- C:\Users\Owner2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/09/23 20:53:16 | 000,000,000 | R--D | C] -- C:\Users\Owner2\Searches
[2012/09/23 20:53:16 | 000,000,000 | R--D | C] -- C:\Users\Owner2\Saved Games
[2012/09/23 20:53:16 | 000,000,000 | R--D | C] -- C:\Users\Owner2\Pictures
[2012/09/23 20:53:16 | 000,000,000 | R--D | C] -- C:\Users\Owner2\Music
[2012/09/23 20:53:16 | 000,000,000 | R--D | C] -- C:\Users\Owner2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/09/23 20:53:16 | 000,000,000 | R--D | C] -- C:\Users\Owner2\Links
[2012/09/23 20:53:16 | 000,000,000 | R--D | C] -- C:\Users\Owner2\Favorites
[2012/09/23 20:53:16 | 000,000,000 | R--D | C] -- C:\Users\Owner2\Downloads
[2012/09/23 20:53:16 | 000,000,000 | R--D | C] -- C:\Users\Owner2\Documents
[2012/09/23 20:53:16 | 000,000,000 | R--D | C] -- C:\Users\Owner2\Desktop
[2012/09/23 20:53:16 | 000,000,000 | R--D | C] -- C:\Users\Owner2\Contacts
[2012/09/23 20:53:16 | 000,000,000 | R--D | C] -- C:\Users\Owner2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/09/23 20:53:16 | 000,000,000 | R--D | C] -- C:\Users\Owner2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/09/23 20:53:16 | 000,000,000 | -H-D | C] -- C:\Users\Owner2\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/09/23 20:53:16 | 000,000,000 | -H-D | C] -- C:\Users\Owner2\AppData
[2012/09/23 20:53:16 | 000,000,000 | ---D | C] -- C:\Users\Owner2\AppData\Local\Temp
[2012/09/23 20:53:16 | 000,000,000 | ---D | C] -- C:\Users\Owner2\AppData\Local\SRS Labs
[2012/09/23 20:53:16 | 000,000,000 | ---D | C] -- C:\Users\Owner2\AppData\Local\Microsoft Help
[2012/09/23 20:53:16 | 000,000,000 | ---D | C] -- C:\Users\Owner2\AppData\Local\Microsoft
[2012/09/23 20:53:16 | 000,000,000 | ---D | C] -- C:\Users\Owner2\AppData\Roaming\Macromedia
[2012/09/23 20:53:16 | 000,000,000 | ---D | C] -- C:\Users\Owner2\AppData\Roaming\InstallShield
[2012/09/23 20:53:16 | 000,000,000 | ---D | C] -- C:\Users\Owner2\AppData\Roaming\Identities
[2012/09/23 20:53:16 | 000,000,000 | ---D | C] -- C:\Users\Owner2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Park
[2012/09/23 20:53:16 | 000,000,000 | ---D | C] -- C:\Users\Owner2\Documents\EBI
[2012/09/23 20:53:16 | 000,000,000 | ---D | C] -- C:\Users\Owner2\Documents\Bluetooth Exchange Folder
[2012/09/23 20:53:16 | 000,000,000 | ---D | C] -- C:\Users\Owner2\AppData\Roaming\Adobe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/09/23 22:06:58 | 000,010,000 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/23 22:06:58 | 000,010,000 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/23 22:06:19 | 000,628,348 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/09/23 22:06:19 | 000,108,494 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/09/23 22:00:19 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/23 22:00:19 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/23 21:58:46 | 000,354,864 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/09/23 21:58:33 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/23 21:31:47 | 000,002,282 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/09/23 21:14:08 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Owner2\Desktop\OTL.exe
[2012/09/23 21:02:18 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012/09/23 20:54:43 | 000,001,403 | ---- | M] () -- C:\Users\Owner2\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/23 20:48:25 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/09/23 20:54:43 | 000,001,403 | ---- | C] () -- C:\Users\Owner2\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/23 20:54:42 | 000,001,409 | ---- | C] () -- C:\Users\Owner2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/09/23 20:53:18 | 000,002,181 | ---- | C] () -- C:\Users\Owner2\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/23 20:53:18 | 000,000,290 | ---- | C] () -- C:\Users\Owner2\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/09/23 20:53:18 | 000,000,272 | ---- | C] () -- C:\Users\Owner2\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/08/04 10:02:17 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2010/02/24 01:49:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/26 15:46:25 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010/02/13 20:28:35 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Roaming\.#
[2010/07/28 16:03:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Asus
[2012/04/26 11:21:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDVideoSoft
[2011/04/29 12:54:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/02/13 20:28:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GameConsole
[2011/02/14 21:55:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\gtk-2.0
[2012/04/26 11:21:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenCandy
[2011/02/21 14:09:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2012/08/04 07:40:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Spotify
[2011/01/27 19:03:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TeamViewer
[2011/01/16 17:52:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:AB689DEA

< End of report >

Extras.txt:
Code:

OTL Extras logfile created on: 9/23/2012 10:07:10 PM - Run 1
OTL by OldTimer - Version 3.2.66.0    Folder = C:\Users\Owner2\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1015.24 Mb Total Physical Memory | 222.90 Mb Available Physical Memory | 21.96% Memory free
1.99 Gb Paging File | 1.19 Gb Available in Paging File | 59.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.03 Gb Total Space | 64.78 Gb Free Space | 46.60% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Owner2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-782359419-2307183593-61034220-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E0C9825-4492-4548-896B-9F5B13064970}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3167E04F-D3A2-4E26-986F-5A99B3AAF8EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3D7782A9-B0EE-4A00-9E15-BEB85DA29694}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8636BE16-D59C-46E8-86A4-2A02E851639E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1547F399-DDF5-4551-BDEB-EC44978BA602}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{25F04ED5-07BB-49A9-8D05-8521409621C5}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{647945A7-8F04-4F46-A0E3-5D43CB35A648}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{757BA310-092D-4025-AF21-4C80B2CB5595}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{97F51DE7-3E11-41F8-A8CB-6D8CD76DCA1E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BF8E8399-CCA2-4356-8723-9F174B57EF04}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CF4295A2-B186-4045-B033-B2B66665B5BD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{9653669D-C487-4772-B191-D4AF40057C3D}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{A6DA25D5-A45F-4BDE-AD44-B43D534D81C1}C:\users\owner\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
"UDP Query User{80CB232E-0AF1-45A8-A53A-8185C333A664}C:\users\owner\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
"UDP Query User{C92B09FB-5BAE-43E7-B58E-6CE8808DE558}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{470F98FC-4831-4ACB-9A8C-D114ED27C120}" = LocaleMe
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_OMUI.nl-nl_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_OMUI.nl-nl_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0017-040C-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (French) 2007
"{90120000-0017-040C-0000-0000000FF1CE}_OMUI.fr-fr_{879D8136-C3A7-4A13-A8F4-309467087372}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0017-0410-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Italian) 2007
"{90120000-0017-0410-0000-0000000FF1CE}_OMUI.it-it_{7B241DBB-A985-46B4-866B-DD59E0284032}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0017-0413-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Dutch) 2007
"{90120000-0017-0413-0000-0000000FF1CE}_OMUI.nl-nl_{4CF3DDE3-7CC3-46C5-989F-A72422CB5DCB}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_OMUI.nl-nl_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_OMUI.nl-nl_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_OMUI.nl-nl_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_OMUI.nl-nl_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_OMUI.fr-fr_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.fr-fr_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.it-it_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.nl-nl_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.fr-fr_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.it-it_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.nl-nl_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.fr-fr_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.it-it_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.nl-nl_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.it-it_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_OMUI.fr-fr_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}_OMUI.nl-nl_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_OMUI.fr-fr_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2007
"{90120000-0044-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2007
"{90120000-0044-0413-0000-0000000FF1CE}_OMUI.nl-nl_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_OMUI.fr-fr_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_OMUI.it-it_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_OMUI.nl-nl_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
"{90120000-00A1-0413-0000-0000000FF1CE}_OMUI.nl-nl_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2007
"{90120000-00BA-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2007
"{90120000-00BA-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2007
"{90120000-00BA-0413-0000-0000000FF1CE}_OMUI.nl-nl_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-040C-0000-0000000FF1CE}" = Microsoft Office O MUI (French) 2007
"{90120000-0100-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0410-0000-0000000FF1CE}" = Microsoft Office O MUI (Italian) 2007
"{90120000-0100-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0413-0000-0000000FF1CE}" = Microsoft Office O MUI (Dutch) 2007
"{90120000-0100-0413-0000-0000000FF1CE}_OMUI.nl-nl_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-040C-0000-0000000FF1CE}" = Microsoft Office X MUI (French) 2007
"{90120000-0101-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0410-0000-0000000FF1CE}" = Microsoft Office X MUI (Italian) 2007
"{90120000-0101-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0413-0000-0000000FF1CE}" = Microsoft Office X MUI (Dutch) 2007
"{90120000-0101-0413-0000-0000000FF1CE}_OMUI.nl-nl_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Partner Manager
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Security
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.0 MUI
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B653A2EC-D816-4498-A4FD-651047AB9DC9}" = Boingo Wi-Fi
"{BB5E5F87-E939-4974-A006-2B4A2F60EEA3}_is1" = Game Park Console
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E680BB35-F552-4B28-BE4F-8E7CE515636F}" = Octava SD4
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FAD8718D-950E-468D-BDE2-17D4D6F1EA6A}" = FontResizer
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASUS VIBE" = ASUS VIBE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Eee Docking_is1" = Eee Docking 3.6.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.20.423
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"OMUI.fr-fr" = Microsoft Office Language Pack 2007 - French/Français
"OMUI.it-it" = Microsoft Office Language Pack 2007 - Italian/Italiano
"OMUI.nl-nl" = Microsoft Office Language Pack 2007 - Dutch/Nederlands
"OOBERegBackup_is1" = OOBERegBackup
"RealPlayer 15.0" = RealPlayer
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.9
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemSetting_is1" = SystemSetting
"Uninstall_is1" = Uninstall 1.0.0.1
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/22/2012 7:43:43 AM | Computer Name = Owner-PC | Source = System Restore | ID = 8211
Description =
 
Error - 5/5/2012 4:21:32 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
 Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 of attribute "version" in element "assemblyIdentity" is invalid.
 
Error - 5/8/2012 4:19:56 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
 Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 of attribute "version" in element "assemblyIdentity" is invalid.
 
Error - 5/8/2012 11:20:00 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
 Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 of attribute "version" in element "assemblyIdentity" is invalid.
 
Error - 5/17/2012 5:23:32 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
 Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 of attribute "version" in element "assemblyIdentity" is invalid.
 
Error - 5/27/2012 7:27:40 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
 Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 of attribute "version" in element "assemblyIdentity" is invalid.
 
Error - 6/8/2012 1:44:33 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
 Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 of attribute "version" in element "assemblyIdentity" is invalid.
 
Error - 6/8/2012 2:46:51 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
 Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 of attribute "version" in element "assemblyIdentity" is invalid.
 
Error - 6/10/2012 11:34:22 AM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: HotkeyService.exe, version: 6.1.1.2023,
 time stamp: 0x4ad9344f  Faulting module name: unknown, version: 0.0.0.0, time stamp:
 0x00000000  Exception code: 0xc0000005  Fault offset: 0xe0000000  Faulting process id:
 0x288  Faulting application start time: 0x01cd4532464dc9c5  Faulting application path:
 C:\Program Files\EeePC\HotkeyService\HotkeyService.exe  Faulting module path: unknown
Report
 Id: c02b22b9-b311-11e1-b678-e0cb4e40d7fd
 
Error - 6/12/2012 4:52:45 AM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
 Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 of attribute "version" in element "assemblyIdentity" is invalid.
 
[ OSession Events ]
Error - 7/20/2010 3:14:30 AM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 34
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 9/23/2012 2:50:52 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:  %%1068
 
Error - 9/23/2012 2:50:52 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:  %%1068
 
Error - 9/23/2012 2:50:52 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:  %%1068
 
Error - 9/23/2012 2:50:52 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:  %%1068
 
Error - 9/23/2012 2:53:44 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Oberon
 Media Game Console service service to connect.
 
Error - 9/23/2012 2:53:44 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The Oberon Media Game Console service service failed to start due
to the following error:  %%1053
 
Error - 9/23/2012 2:53:59 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
  cdrom
 
Error - 9/23/2012 3:40:18 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
Description =
 
Error - 9/23/2012 3:54:48 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
  cdrom
 
Error - 9/23/2012 3:59:24 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
  cdrom
 
 
< End of report >

Malwarebytes:
Code:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.23.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner2 :: OWNER-PC [administrator]

9/23/2012 9:03:40 PM
mbam-log-2012-09-23 (21-03-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216119
Time elapsed: 32 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Owner\AppData\Local\Temp\deo0_sar.exe (Spyware.Zeus) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Quarantined and deleted successfully.

(end)


cosinus 24.09.2012 19:22

Thanks ;) it's more direct this way

Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan!

Please remove all of the Malwarebytes findings so that they are kept in the Malwarebytes quarantine! Do NOT hastily remove anything from the quarantine!

If logs from older Malwarebytes scans exist, please post all of those as well!




ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded, and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




If at all possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

mcflash99 27.09.2012 17:03

Hi,

here are the two logs:

Malwarebytes Full Scan:
Code:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.26.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner2 :: OWNER-PC [administrator]

9/26/2012 12:22:32 PM
mbam-log-2012-09-26 (12-22-32).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 353415
Time elapsed: 3 hour(s), 15 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

And the log from ESET:
Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8bead76a68297e4e839153e2de276628
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-26 05:25:07
# local_time=2012-09-26 07:25:07 (+0100, W. Europe Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 91500172 91500172 0 0
# compatibility_mode=1792 16777215 100 0 1020 1020 0 0
# compatibility_mode=5893 16776574 66 85 40456652 100299259 0 0
# compatibility_mode=8192 67108863 100 0 261 261 0 0
# scanned=146392
# found=3
# cleaned=0
# scan_time=12239
C:\Users\Owner\AppData\Local\Mozilla\Firefox\Profiles\gg4vr7eb.default\Cache\F\57\3B666d01        JS/Kryptik.VK trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Owner\AppData\Local\Temp\V.class        a variant of Java/Exploit.CVE-2011-3544.BQ trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\737fdc35-71de4dbe        Java/Exploit.CVE-2012-0507.DM trojan (unable to clean)        00000000000000000000000000000000        I

Many thanks and best regards,
mcflash99

cosinus 27.09.2012 20:13

adwCleaner - Detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)

mcflash99 28.09.2012 17:34

And here is the log from AdwCleaner:
Code:

# AdwCleaner v2.003 - Logfile created 09/28/2012 at 18:28:38
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : Owner2 - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner2\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\DVDVideoSoftTB
Folder Found : C:\Users\Owner\AppData\Local\Conduit
Folder Found : C:\Users\Owner\AppData\LocalLow\Conduit
Folder Found : C:\Users\Owner\AppData\LocalLow\DVDVideoSoftTB
Folder Found : C:\Users\Owner\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Owner\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Owner2\AppData\LocalLow\Conduit
Folder Found : C:\Users\Owner2\AppData\LocalLow\DVDVideoSoftTB
Folder Found : C:\Users\Owner2\AppData\LocalLow\PriceGong

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DVDVideoSoftTB
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C587D6BD-838B-4CEA-A252-41AAF870F0F9}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC4F8B1D-42D7-4DC6-BF81-84E51DA82F63}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Owner2\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3215 octets] - [28/09/2012 18:28:38]

########## EOF - C:\AdwCleaner[R1].txt - [3275 octets] ##########

Best regards,
mcflash99

cosinus 28.09.2012 19:15

adwCleaner - Remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

mcflash99 29.09.2012 11:32

Here is the next log:

Code:

# AdwCleaner v2.003 - Logfile created 09/29/2012 at 12:23:13
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : Owner2 - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner2\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DVDVideoSoftTB
Folder Deleted : C:\Users\Owner\AppData\Local\Conduit
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Owner\AppData\LocalLow\DVDVideoSoftTB
Folder Deleted : C:\Users\Owner\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Owner\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Owner2\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Owner2\AppData\LocalLow\DVDVideoSoftTB
Folder Deleted : C:\Users\Owner2\AppData\LocalLow\PriceGong

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DVDVideoSoftTB
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C587D6BD-838B-4CEA-A252-41AAF870F0F9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC4F8B1D-42D7-4DC6-BF81-84E51DA82F63}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 --> hxxp://www.google.com

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Owner2\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3344 octets] - [28/09/2012 18:28:38]
AdwCleaner[S1].txt - [3359 octets] - [29/09/2012 12:23:13]

########## EOF - C:\AdwCleaner[S1].txt - [3419 octets] ##########

Best regards,
mcflash99

cosinus 01.10.2012 11:28

I have three questions before we continue (we're not done yet!)

1.) Does the normal mode of Windows work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
3.) Are the ad pop-ups or redirects, such as Incredibar or Mystart, gone now?

mcflash99 02.10.2012 17:03

Hi cosinus,

that looks very good so far!

The GVU screen no longer appears, and in the Start menu there are no empty folders (apart from Startup). Everything seems to be there.

In the browsers, the following:
IE: Clean; I also disabled the Bing Bar.
Chrome: Clean, but the Preferences were not readable, so it is back to the default settings.
Firefox: search.conduit.com is still set as the start page there; I changed that. Hopefully opening the page didn't infect anything again.

Best regards,
Andre

cosinus 02.10.2012 20:14

Please make a new OTL log. If at all possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you really are working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


mcflash99 04.10.2012 20:04

Hi,

here is the new OTL log:
Code:

OTL logfile created on: 10/4/2012 7:44:39 PM - Run 2
OTL by OldTimer - Version 3.2.70.2    Folder = C:\Users\Owner\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1015.24 Mb Total Physical Memory | 268.09 Mb Available Physical Memory | 26.41% Memory free
1.99 Gb Paging File | 1.01 Gb Available in Paging File | 50.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.03 Gb Total Space | 64.73 Gb Free Space | 46.55% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/10/04 19:40:43 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2012/09/07 20:26:05 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/09/07 20:26:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/09/07 20:25:55 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/09/07 20:25:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/01/29 11:18:52 | 000,751,592 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
PRC - [2009/12/02 18:09:54 | 000,246,272 | ---- | M] () -- C:\Program Files\Mobile Partner Manager\AssistantServices.exe
PRC - [2009/12/02 18:08:52 | 000,132,096 | ---- | M] () -- C:\Program Files\Mobile Partner Manager\UIExec.exe
PRC - [2009/10/16 15:43:28 | 001,021,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2009/10/14 04:34:34 | 000,628,016 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Security\VizorHtmlDialog.exe
PRC - [2009/09/15 02:05:56 | 000,044,312 | ---- | M] () -- C:\Program Files\ASUS\Game Park\GameConsole\OberonGameConsoleService.exe
PRC - [2009/09/11 05:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/09/09 20:15:12 | 000,413,688 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009/08/12 22:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009/07/20 11:47:14 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009/12/02 18:08:52 | 000,132,096 | ---- | M] () -- C:\Program Files\Mobile Partner Manager\UIExec.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV - [2012/09/07 20:26:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/09/07 20:25:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/07/29 05:26:03 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009/12/02 18:09:54 | 000,246,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Mobile Partner Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009/09/15 02:05:56 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\Game Park\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwrchid.sys -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwavdt.sys -- (btwavdt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2012/09/07 20:26:05 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/09/07 20:26:05 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/09/07 20:26:05 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/06/27 01:37:12 | 002,191,872 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/10/29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/10/29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/10/29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/10/29 19:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/10/14 02:33:32 | 000,167,952 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/10/14 02:33:32 | 000,083,344 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/10/14 02:33:32 | 000,058,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2009/10/14 02:33:32 | 000,052,752 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/07/27 09:06:45 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009/07/20 11:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009/07/06 10:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\..\SearchScopes\{166B413F-2F4C-4339-BCFB-956F7EACEA8F}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/result.htm?q={searchTerms}&SearchMashine=true
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Plasmoo"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
FF - prefs.js..plasmoo.search.engine.prevkeywordurl: "data:text/plain,keyword.URL=hxxp://go.gmx.net/br/moz4_keyurl_search/?su="
FF - prefs.js..plasmoo.search.engine.prevsearchdefaultenginename: "data:text/plain,browser.search.defaultenginename=GMX Suche"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.3.37: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.3.37: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.3.37: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.3.37: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.3.37: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/26 11:34:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/02 17:42:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/02 17:42:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/02 17:42:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/02 17:42:30 | 000,000,000 | ---D | M]
 
[2010/02/19 23:00:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2012/06/28 21:48:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\extensions
[2012/06/28 21:48:41 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011/04/29 12:54:49 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/04/29 12:55:09 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\extensions\engine@plasmoo.com
[2011/10/16 13:32:49 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\extensions\DivXWebPlayer@divx.com.xpi
[2012/06/28 21:48:31 | 000,564,925 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\extensions\toolbar@gmx.net.xpi
[2012/04/24 21:31:10 | 000,000,931 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\searchplugins\conduit.xml
[2011/04/20 17:40:20 | 000,001,976 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\searchplugins\plasmoo.xml
[2012/09/23 21:10:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/23 21:10:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2011/10/17 20:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/10/17 20:57:57 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
[2012/07/29 05:26:05 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/05/17 21:48:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/05/17 21:48:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/17 21:48:58 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/05/17 21:48:58 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/05/17 21:48:58 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/05/17 21:48:58 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\google\chrome\application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\google\chrome\application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\google\chrome\application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_2\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (ASUS Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\ASUS\SystemSetting\StarterHelper.dll (ASUSTeK Computer Inc.)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-782359419-2307183593-61034220-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-782359419-2307183593-61034220-1000\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [HotKeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Mobile Partner Manager\UIExec.exe ()
O4 - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Security\VizorHtmlDialog.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-782359419-2307183593-61034220-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-782359419-2307183593-61034220-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} hxxp://www.pixum.de/apps/EasyUploadX.cab (Pixum EasyUploadX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38B2D3DF-952F-4C07-A567-A559EC1145D5}: DhcpNameServer = 62.179.104.196 213.46.228.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7F131BC-7F3C-45CE-8059-189F353EEE76}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Spotify - hkey= - key= - C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/10/04 19:41:10 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/10/04 19:36:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Apple Computer
[2012/10/02 17:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/10/02 17:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/10/02 17:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/09/26 15:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/26 15:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/09/26 15:44:20 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2012/09/26 15:44:17 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2012/09/26 15:44:17 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2012/09/26 15:44:17 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys
[2012/09/26 15:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/09/26 15:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/09/23 21:41:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/23 21:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/09/23 21:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/09/23 21:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/23 21:01:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/23 21:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/23 21:00:58 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/09/23 21:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/04 20:00:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/04 19:44:25 | 000,010,000 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/04 19:44:25 | 000,010,000 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/04 19:40:43 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/10/04 19:36:17 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/04 19:36:04 | 000,016,384 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2012/10/04 19:35:39 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/26 15:44:47 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/09/26 12:48:37 | 000,628,348 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/09/26 12:48:37 | 000,108,494 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/09/23 21:58:46 | 000,354,864 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/09/23 21:31:47 | 000,002,282 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/09/23 20:48:25 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012/09/07 20:26:05 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2012/09/07 20:26:05 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2012/09/07 20:26:05 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/09/26 15:50:45 | 000,016,384 | ---- | C] () -- C:\windows\System32\Ikeext.etl
[2012/09/26 15:44:47 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/08/04 10:02:17 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2011/07/23 17:59:31 | 000,003,429 | ---- | C] () -- C:\Users\Owner\.recently-used.xbel
[2010/05/23 20:30:57 | 000,102,400 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/24 01:49:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/26 15:46:25 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010/02/13 20:28:35 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Roaming\.#
[2010/07/28 16:03:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Asus
[2012/04/26 11:21:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDVideoSoft
[2011/04/29 12:54:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/02/13 20:28:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GameConsole
[2011/02/14 21:55:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\gtk-2.0
[2011/02/21 14:09:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2012/08/04 07:40:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Spotify
[2011/01/27 19:03:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TeamViewer
[2011/01/16 17:52:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010/02/13 20:28:35 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Roaming\.#
[2010/02/19 01:33:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Adobe
[2012/10/04 19:36:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Apple Computer
[2010/07/28 16:03:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Asus
[2012/04/26 11:21:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDVideoSoft
[2011/04/29 12:54:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/02/13 20:28:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GameConsole
[2011/02/14 21:55:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\gtk-2.0
[2009/07/14 06:54:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Identities
[2009/10/26 10:08:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\InstallShield
[2009/10/26 10:13:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Macromedia
[2011/06/23 08:14:44 | 000,000,000 | --SD | M] -- C:\Users\Owner\AppData\Roaming\Microsoft
[2010/02/19 23:00:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla
[2011/02/21 14:09:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2012/04/26 11:36:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Real
[2012/06/05 20:41:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Skype
[2012/06/05 19:06:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\skypePM
[2012/08/04 07:40:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Spotify
[2011/01/27 19:03:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TeamViewer
[2011/01/16 17:52:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
 
< %APPDATA%\*.exe /s >
[2012/07/25 22:53:14 | 007,601,880 | ---- | M] (Spotify Ltd) -- C:\Users\Owner\AppData\Roaming\Spotify\spotify.exe
[2012/07/25 22:53:14 | 000,114,904 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Spotify\SpotifyLauncher.exe
[2012/07/25 22:53:13 | 001,193,176 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009/06/04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:AB689DEA

< End of report >


cosinus 05.10.2012 09:31

Hm, there is still toolbar junk in there.
Please download the current adwCleaner, i.e. delete the old adwcleaner and download it again.

adwCleaner - Track down toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • After the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)

mcflash99 05.10.2012 17:38

Here we go:
Code:

# AdwCleaner v2.003 - Logfile created 10/05/2012 at 18:33:25
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\searchplugins\Conduit.xml
Folder Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\ConduitCommon
Folder Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\CT2269050
Folder Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\prefs.js

Found : user_pref("CT2269050..clientLogIsEnabled", false);
Found : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Found : user_pref("CT2269050.CTID", "CT2269050");
Found : user_pref("CT2269050.CurrentServerDate", "17-5-2012");
Found : user_pref("CT2269050.DSChangedManually", true);
Found : user_pref("CT2269050.DSInstall", true);
Found : user_pref("CT2269050.DialogsAlignMode", "LTR");
Found : user_pref("CT2269050.DialogsGetterLastCheckTime", "Tue May 15 2012 19:37:27 GMT+0200");
Found : user_pref("CT2269050.DownloadReferralCookieData", "");
Found : user_pref("CT2269050.EMailNotifierPollDate", "Tue May 01 2012 08:18:30 GMT+0200");
Found : user_pref("CT2269050.FirstServerDate", "26-4-2012");
Found : user_pref("CT2269050.FirstTime", true);
Found : user_pref("CT2269050.FirstTimeFF3", true);
Found : user_pref("CT2269050.FirstTimeHiddenVer", true);
Found : user_pref("CT2269050.FixPageNotFoundErrors", true);
Found : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2269050.HPInstall", true);
Found : user_pref("CT2269050.HasUserGlobalKeys", true);
Found : user_pref("CT2269050.HomePageProtectorEnabled", true);
Found : user_pref("CT2269050.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=[...]
Found : user_pref("CT2269050.Initialize", true);
Found : user_pref("CT2269050.InitializeCommonPrefs", true);
Found : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Found : user_pref("CT2269050.InstalledDate", "Thu Apr 26 2012 11:30:10 GMT+0200");
Found : user_pref("CT2269050.InvalidateCache", false);
Found : user_pref("CT2269050.IsAlertDBUpdated", true);
Found : user_pref("CT2269050.IsGrouping", false);
Found : user_pref("CT2269050.IsInitSetupIni", true);
Found : user_pref("CT2269050.IsMulticommunity", false);
Found : user_pref("CT2269050.IsOpenThankYouPage", false);
Found : user_pref("CT2269050.IsOpenUninstallPage", false);
Found : user_pref("CT2269050.IsProtectorsInit", true);
Found : user_pref("CT2269050.LanguagePackLastCheckTime", "Wed May 16 2012 19:37:27 GMT+0200");
Found : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2269050.LastLogin_3.12.2.3", "Thu May 17 2012 16:57:22 GMT+0200");
Found : user_pref("CT2269050.LatestVersion", "3.12.2.3");
Found : user_pref("CT2269050.Locale", "en");
Found : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Found : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Found : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2269050.OriginalFirstVersion", "3.12.2.3");
Found : user_pref("CT2269050.RadioIsPodcast", false);
Found : user_pref("CT2269050.RadioLastCheckTime", "Tue May 01 2012 08:18:31 GMT+0200");
Found : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Found : user_pref("CT2269050.RadioMediaID", "12473383");
Found : user_pref("CT2269050.RadioMediaType", "Media Player");
Found : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Found : user_pref("CT2269050.RadioShrinkedFromSetup", false);
Found : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Found : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Found : user_pref("CT2269050.SavedHomepage", "hxxp://plasmoo.com");
Found : user_pref("CT2269050.SearchCaption", "DVDVideoSoftTB Customized Web Search");
Found : user_pref("CT2269050.SearchEngineBeforeUnload", "DVDVideoSoftTB Customized Web Search");
Found : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Found : user_pref("CT2269050.SearchInNewTabEnabled", true);
Found : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Wed May 16 2012 19:37:23 GMT+0200");
Found : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2269050.SearchProtectorEnabled", false);
Found : user_pref("CT2269050.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT2269050.SendProtectorDataViaLogin", true);
Found : user_pref("CT2269050.ServiceMapLastCheckTime", "Wed May 16 2012 19:37:25 GMT+0200");
Found : user_pref("CT2269050.SettingsLastCheckTime", "Thu May 17 2012 16:57:20 GMT+0200");
Found : user_pref("CT2269050.SettingsLastUpdate", "1337169810");
Found : user_pref("CT2269050.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13");
Found : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Thu Apr 26 2012 11:29:56 GMT+0200");
Found : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1312887586");
Found : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Found : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2269050.UserID", "UN65985255691350585");
Found : user_pref("CT2269050.ValidationData_Toolbar", 1);
Found : user_pref("CT2269050.WeatherNetwork", "");
Found : user_pref("CT2269050.WeatherPollDate", "Tue May 01 2012 08:18:33 GMT+0200");
Found : user_pref("CT2269050.WeatherUnit", "C");
Found : user_pref("CT2269050.alertChannelId", "666138");
Found : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Thu Apr 26 2012 11:30:09 GMT+0200");
Found : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2269050.initDone", true);
Found : user_pref("CT2269050.isAppTrackingManagerOn", true);
Found : user_pref("CT2269050.isFirstRadioInstallation", false);
Found : user_pref("CT2269050.myStuffEnabled", true);
Found : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2269050.navigateToUrlOnSearch", false);
Found : user_pref("CT2269050.revertSettingsEnabled", true);
Found : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Found : user_pref("CT2269050.testingCtid", "");
Found : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Wed May 16 2012 19:37:27 GMT+0200");
Found : user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Thu Apr 26 2012 11:30:41 GMT+0200");
Found : user_pref("CT2269050.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2269050&Search[...]
Found : user_pref("CommunityToolbar.ConduitSearchList", "DVDVideoSoftTB Customized Web Search");
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"67e[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Owner\\AppData\\Roaming\\Mozilla\\F[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.2.3");
Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://plasmoo.com/result.htm?q=");
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2269050");
Found : user_pref("CommunityToolbar.globalUserId", "6b3f5e9e-0aff-4b1a-b617-8df2230053ca");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Apr 26 2012 11:30:1[...]
Found : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue May 01 2012 08:18:41 GMT+020[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue May 01 2012 08:18:30 GMT+0200");
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "3be1efdc-8b25-4de4-8bdf-2c7b672ddf6f");
Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://plasmoo.com");
Found : user_pref("CommunityToolbar.originalSearchEngine", "Google");
Found : user_pref("browser.search.defaultthis.engineName", "DVDVideoSoftTB Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&Sea[...]
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Owner2\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3344 octets] - [28/09/2012 18:28:38]
AdwCleaner[S1].txt - [3488 octets] - [29/09/2012 12:23:13]
AdwCleaner[R2].txt - [19047 octets] - [05/10/2012 18:33:25]

########## EOF - C:\AdwCleaner[R2].txt - [19108 octets] ##########


cosinus 05.10.2012 18:26

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = consecutive number)

mcflash99 05.10.2012 18:47

And here is the log:
Code:

# AdwCleaner v2.003 - Logfile created 10/05/2012 at 19:36:35
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\searchplugins\Conduit.xml
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\ConduitCommon
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\CT2269050
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\prefs.js

Deleted : user_pref("CT2269050..clientLogIsEnabled", false);
Deleted : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Deleted : user_pref("CT2269050.CTID", "CT2269050");
Deleted : user_pref("CT2269050.CurrentServerDate", "17-5-2012");
Deleted : user_pref("CT2269050.DSChangedManually", true);
Deleted : user_pref("CT2269050.DSInstall", true);
Deleted : user_pref("CT2269050.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2269050.DialogsGetterLastCheckTime", "Tue May 15 2012 19:37:27 GMT+0200");
Deleted : user_pref("CT2269050.DownloadReferralCookieData", "");
Deleted : user_pref("CT2269050.EMailNotifierPollDate", "Tue May 01 2012 08:18:30 GMT+0200");
Deleted : user_pref("CT2269050.FirstServerDate", "26-4-2012");
Deleted : user_pref("CT2269050.FirstTime", true);
Deleted : user_pref("CT2269050.FirstTimeFF3", true);
Deleted : user_pref("CT2269050.FirstTimeHiddenVer", true);
Deleted : user_pref("CT2269050.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2269050.HPInstall", true);
Deleted : user_pref("CT2269050.HasUserGlobalKeys", true);
Deleted : user_pref("CT2269050.HomePageProtectorEnabled", true);
Deleted : user_pref("CT2269050.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=[...]
Deleted : user_pref("CT2269050.Initialize", true);
Deleted : user_pref("CT2269050.InitializeCommonPrefs", true);
Deleted : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2269050.InstalledDate", "Thu Apr 26 2012 11:30:10 GMT+0200");
Deleted : user_pref("CT2269050.InvalidateCache", false);
Deleted : user_pref("CT2269050.IsAlertDBUpdated", true);
Deleted : user_pref("CT2269050.IsGrouping", false);
Deleted : user_pref("CT2269050.IsInitSetupIni", true);
Deleted : user_pref("CT2269050.IsMulticommunity", false);
Deleted : user_pref("CT2269050.IsOpenThankYouPage", false);
Deleted : user_pref("CT2269050.IsOpenUninstallPage", false);
Deleted : user_pref("CT2269050.IsProtectorsInit", true);
Deleted : user_pref("CT2269050.LanguagePackLastCheckTime", "Wed May 16 2012 19:37:27 GMT+0200");
Deleted : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2269050.LastLogin_3.12.2.3", "Thu May 17 2012 16:57:22 GMT+0200");
Deleted : user_pref("CT2269050.LatestVersion", "3.12.2.3");
Deleted : user_pref("CT2269050.Locale", "en");
Deleted : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2269050.OriginalFirstVersion", "3.12.2.3");
Deleted : user_pref("CT2269050.RadioIsPodcast", false);
Deleted : user_pref("CT2269050.RadioLastCheckTime", "Tue May 01 2012 08:18:31 GMT+0200");
Deleted : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Deleted : user_pref("CT2269050.RadioMediaID", "12473383");
Deleted : user_pref("CT2269050.RadioMediaType", "Media Player");
Deleted : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Deleted : user_pref("CT2269050.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Deleted : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Deleted : user_pref("CT2269050.SavedHomepage", "hxxp://plasmoo.com");
Deleted : user_pref("CT2269050.SearchCaption", "DVDVideoSoftTB Customized Web Search");
Deleted : user_pref("CT2269050.SearchEngineBeforeUnload", "DVDVideoSoftTB Customized Web Search");
Deleted : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Deleted : user_pref("CT2269050.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Wed May 16 2012 19:37:23 GMT+0200");
Deleted : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2269050.SearchProtectorEnabled", false);
Deleted : user_pref("CT2269050.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2269050.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2269050.ServiceMapLastCheckTime", "Wed May 16 2012 19:37:25 GMT+0200");
Deleted : user_pref("CT2269050.SettingsLastCheckTime", "Thu May 17 2012 16:57:20 GMT+0200");
Deleted : user_pref("CT2269050.SettingsLastUpdate", "1337169810");
Deleted : user_pref("CT2269050.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13");
Deleted : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Thu Apr 26 2012 11:29:56 GMT+0200");
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Deleted : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2269050.UserID", "UN65985255691350585");
Deleted : user_pref("CT2269050.ValidationData_Toolbar", 1);
Deleted : user_pref("CT2269050.WeatherNetwork", "");
Deleted : user_pref("CT2269050.WeatherPollDate", "Tue May 01 2012 08:18:33 GMT+0200");
Deleted : user_pref("CT2269050.WeatherUnit", "C");
Deleted : user_pref("CT2269050.alertChannelId", "666138");
Deleted : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Thu Apr 26 2012 11:30:09 GMT+0200");
Deleted : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2269050.initDone", true);
Deleted : user_pref("CT2269050.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2269050.isFirstRadioInstallation", false);
Deleted : user_pref("CT2269050.myStuffEnabled", true);
Deleted : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2269050.navigateToUrlOnSearch", false);
Deleted : user_pref("CT2269050.revertSettingsEnabled", true);
Deleted : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2269050.testingCtid", "");
Deleted : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Wed May 16 2012 19:37:27 GMT+0200");
Deleted : user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Thu Apr 26 2012 11:30:41 GMT+0200");
Deleted : user_pref("CT2269050.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2269050&Search[...]
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "DVDVideoSoftTB Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"67e[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Owner\\AppData\\Roaming\\Mozilla\\F[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.2.3");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://plasmoo.com/result.htm?q=");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2269050");
Deleted : user_pref("CommunityToolbar.globalUserId", "6b3f5e9e-0aff-4b1a-b617-8df2230053ca");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Apr 26 2012 11:30:1[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue May 01 2012 08:18:41 GMT+020[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue May 01 2012 08:18:30 GMT+0200");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "3be1efdc-8b25-4de4-8bdf-2c7b672ddf6f");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://plasmoo.com");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Google");
Deleted : user_pref("browser.search.defaultthis.engineName", "DVDVideoSoftTB Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&Sea[...]
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Owner2\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3344 octets] - [28/09/2012 18:28:38]
AdwCleaner[S1].txt - [3488 octets] - [29/09/2012 12:23:13]
AdwCleaner[R2].txt - [19178 octets] - [05/10/2012 18:33:25]
AdwCleaner[S2].txt - [19559 octets] - [05/10/2012 19:36:35]

########## EOF - C:\AdwCleaner[S2].txt - [19620 octets] ##########


cosinus 06.10.2012 18:34

Please make a new OTL log. Please post everything here in CODE tags where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


mcflash99 09.10.2012 18:21

Here is the new OTL log:
Code:

OTL logfile created on: 10/9/2012 5:49:51 PM - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Owner\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1015.24 Mb Total Physical Memory | 72.27 Mb Available Physical Memory | 7.12% Memory free
1.99 Gb Paging File | 0.94 Gb Available in Paging File | 47.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.03 Gb Total Space | 64.12 Gb Free Space | 46.12% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/10/09 17:47:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2012/09/07 20:26:05 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/09/07 20:26:02 | 000,613,880 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\update.exe
PRC - [2012/09/07 20:26:02 | 000,047,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\updrgui.exe
PRC - [2012/09/07 20:26:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/09/07 20:25:55 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/09/07 20:25:55 | 000,304,120 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avnotify.exe
PRC - [2012/09/07 20:25:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/01/29 11:18:52 | 000,751,592 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
PRC - [2009/12/02 18:09:54 | 000,246,272 | ---- | M] () -- C:\Program Files\Mobile Partner Manager\AssistantServices.exe
PRC - [2009/12/02 18:08:52 | 000,132,096 | ---- | M] () -- C:\Program Files\Mobile Partner Manager\UIExec.exe
PRC - [2009/10/16 15:43:28 | 001,021,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2009/10/14 04:34:34 | 000,628,016 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Security\VizorHtmlDialog.exe
PRC - [2009/09/15 02:05:56 | 000,044,312 | ---- | M] () -- C:\Program Files\ASUS\Game Park\GameConsole\OberonGameConsoleService.exe
PRC - [2009/09/11 05:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/09/09 20:15:12 | 000,413,688 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009/08/12 22:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009/07/20 11:47:14 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009/12/02 18:08:52 | 000,132,096 | ---- | M] () -- C:\Program Files\Mobile Partner Manager\UIExec.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV - [2012/09/07 20:26:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/09/07 20:25:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/07/29 05:26:03 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009/12/02 18:09:54 | 000,246,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Mobile Partner Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009/09/15 02:05:56 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\Game Park\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwrchid.sys -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwavdt.sys -- (btwavdt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2012/09/07 20:26:05 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/09/07 20:26:05 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/09/07 20:26:05 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/06/27 01:37:12 | 002,191,872 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/10/29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/10/29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/10/29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/10/29 19:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/10/14 02:33:32 | 000,167,952 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/10/14 02:33:32 | 000,083,344 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/10/14 02:33:32 | 000,058,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2009/10/14 02:33:32 | 000,052,752 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/07/27 09:06:45 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009/07/20 11:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009/07/06 10:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\..\SearchScopes\{166B413F-2F4C-4339-BCFB-956F7EACEA8F}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/result.htm?q={searchTerms}&SearchMashine=true
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Plasmoo"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..plasmoo.search.engine.prevkeywordurl: "data:text/plain,keyword.URL=hxxp://go.gmx.net/br/moz4_keyurl_search/?su="
FF - prefs.js..plasmoo.search.engine.prevsearchdefaultenginename: "data:text/plain,browser.search.defaultenginename=GMX Suche"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.3.37: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.3.37: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.3.37: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.3.37: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.3.37: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/26 11:34:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/02 17:42:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/02 17:42:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/02 17:42:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/02 17:42:30 | 000,000,000 | ---D | M]
 
[2010/02/19 23:00:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2012/10/07 03:39:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\extensions
[2011/04/29 12:54:49 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/04/29 12:55:09 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\extensions\engine@plasmoo.com
[2011/10/16 13:32:49 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\extensions\DivXWebPlayer@divx.com.xpi
[2012/10/07 03:39:01 | 000,493,426 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\extensions\toolbar@gmx.net.xpi
[2011/04/20 17:40:20 | 000,001,976 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\searchplugins\plasmoo.xml
[2012/09/23 21:10:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/23 21:10:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2011/10/17 20:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/10/17 20:57:57 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
[2012/07/29 05:26:05 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/05/17 21:48:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/05/17 21:48:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/17 21:48:58 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/05/17 21:48:58 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/05/17 21:48:58 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/05/17 21:48:58 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\windows\system32\npdeployJava1.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (ASUS Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\ASUS\SystemSetting\StarterHelper.dll (ASUSTeK Computer Inc.)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-782359419-2307183593-61034220-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-782359419-2307183593-61034220-1000\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [HotKeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Mobile Partner Manager\UIExec.exe ()
O4 - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Security\VizorHtmlDialog.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-782359419-2307183593-61034220-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-782359419-2307183593-61034220-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} hxxp://www.pixum.de/apps/EasyUploadX.cab (Pixum EasyUploadX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38B2D3DF-952F-4C07-A567-A559EC1145D5}: DhcpNameServer = 62.179.104.196 213.46.228.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7F131BC-7F3C-45CE-8059-189F353EEE76}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Spotify - hkey= - key= - C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/10/09 17:47:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/10/07 03:38:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Macromedia
[2012/10/04 20:42:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Avira
[2012/10/04 19:36:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Apple Computer
[2012/10/02 17:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/10/02 17:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/10/02 17:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/09/26 15:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/26 15:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/09/26 15:44:20 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2012/09/26 15:44:17 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2012/09/26 15:44:17 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2012/09/26 15:44:17 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys
[2012/09/26 15:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/09/26 15:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/09/23 21:41:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/23 21:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/09/23 21:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/09/23 21:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/23 21:01:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/23 21:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/23 21:00:58 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/09/23 21:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/09 18:00:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/09 17:53:25 | 000,010,000 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/09 17:53:25 | 000,010,000 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/09 17:47:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/10/09 17:43:40 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/09 17:43:36 | 000,016,384 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2012/10/09 17:43:22 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/10/05 18:32:20 | 000,513,501 | ---- | M] () -- C:\Users\Owner\Desktop\adwcleaner.exe
[2012/10/04 20:06:18 | 000,002,316 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/09/26 15:44:47 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/09/26 12:48:37 | 000,628,348 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/09/26 12:48:37 | 000,108,494 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/09/23 21:58:46 | 000,354,864 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/09/23 20:48:25 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/10/05 18:32:14 | 000,513,501 | ---- | C] () -- C:\Users\Owner\Desktop\adwcleaner.exe
[2012/09/26 15:50:45 | 000,016,384 | ---- | C] () -- C:\windows\System32\Ikeext.etl
[2012/09/26 15:44:47 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/08/04 10:02:17 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2011/07/23 17:59:31 | 000,003,429 | ---- | C] () -- C:\Users\Owner\.recently-used.xbel
[2010/05/23 20:30:57 | 000,102,400 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/24 01:49:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/26 15:46:25 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010/02/13 20:28:35 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Roaming\.#
[2010/07/28 16:03:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Asus
[2012/04/26 11:21:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDVideoSoft
[2011/04/29 12:54:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/02/13 20:28:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GameConsole
[2011/02/14 21:55:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\gtk-2.0
[2011/02/21 14:09:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2012/08/04 07:40:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Spotify
[2011/01/27 19:03:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TeamViewer
[2011/01/16 17:52:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010/02/13 20:28:35 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Roaming\.#
[2010/02/19 01:33:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Adobe
[2012/10/04 19:36:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Apple Computer
[2010/07/28 16:03:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Asus
[2012/10/04 20:42:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Avira
[2012/04/26 11:21:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDVideoSoft
[2011/04/29 12:54:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/02/13 20:28:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GameConsole
[2011/02/14 21:55:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\gtk-2.0
[2009/07/14 06:54:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Identities
[2009/10/26 10:08:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\InstallShield
[2009/10/26 10:13:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Macromedia
[2012/10/07 03:38:43 | 000,000,000 | --SD | M] -- C:\Users\Owner\AppData\Roaming\Microsoft
[2010/02/19 23:00:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla
[2011/02/21 14:09:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2012/04/26 11:36:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Real
[2012/06/05 20:41:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Skype
[2012/06/05 19:06:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\skypePM
[2012/08/04 07:40:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Spotify
[2011/01/27 19:03:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TeamViewer
[2011/01/16 17:52:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
 
< %APPDATA%\*.exe /s >
[2012/07/25 22:53:14 | 007,601,880 | ---- | M] (Spotify Ltd) -- C:\Users\Owner\AppData\Roaming\Spotify\spotify.exe
[2012/07/25 22:53:14 | 000,114,904 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Spotify\SpotifyLauncher.exe
[2012/07/25 22:53:13 | 001,193,176 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009/06/04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:AB689DEA

< End of report >


cosinus 09.10.2012 19:13

I still see toolbar/adware junk there :D

Please download the current adwCleaner. Version 2.004 is out, so delete the old adwcleaner and download it again.

adwCleaner - Detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)

mcflash99 14.10.2012 15:15

Sorry, that took a few days, but at least this way it's already version 2.005.

Here is the log:
Code:

# AdwCleaner v2.005 - Logfile created 10/14/2012 at 16:06:41
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-782359419-2307183593-61034220-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Owner2\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3344 octets] - [28/09/2012 18:28:38]
AdwCleaner[S1].txt - [3488 octets] - [29/09/2012 12:23:13]
AdwCleaner[R2].txt - [19178 octets] - [05/10/2012 18:33:25]
AdwCleaner[S2].txt - [19690 octets] - [05/10/2012 19:36:35]
AdwCleaner[R3].txt - [1552 octets] - [14/10/2012 16:06:41]

########## EOF - C:\AdwCleaner[R3].txt - [1612 octets] ##########


cosinus 14.10.2012 19:31

OK, thanks

adwCleaner - Remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

mcflash99 15.10.2012 16:37

Here is the log:
Code:

# AdwCleaner v2.005 - Logfile created 10/15/2012 at 17:17:53
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Owner2\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3344 octets] - [28/09/2012 18:28:38]
AdwCleaner[S1].txt - [3488 octets] - [29/09/2012 12:23:13]
AdwCleaner[R2].txt - [19178 octets] - [05/10/2012 18:33:25]
AdwCleaner[S2].txt - [19690 octets] - [05/10/2012 19:36:35]
AdwCleaner[R3].txt - [1681 octets] - [14/10/2012 16:06:41]
AdwCleaner[S3].txt - [1466 octets] - [15/10/2012 17:17:53]

########## EOF - C:\AdwCleaner[S3].txt - [1526 octets] ##########


cosinus 15.10.2012 17:58

adwCleaner - Remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

mcflash99 16.10.2012 17:53

Here is the result:
Code:

# AdwCleaner v2.005 - Logfile created 10/16/2012 at 18:30:02
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Owner2\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3344 octets] - [28/09/2012 18:28:38]
AdwCleaner[S1].txt - [3488 octets] - [29/09/2012 12:23:13]
AdwCleaner[R2].txt - [19178 octets] - [05/10/2012 18:33:25]
AdwCleaner[S2].txt - [19690 octets] - [05/10/2012 19:36:35]
AdwCleaner[R3].txt - [1681 octets] - [14/10/2012 16:06:41]
AdwCleaner[S3].txt - [1595 octets] - [15/10/2012 17:17:53]
AdwCleaner[S4].txt - [1308 octets] - [16/10/2012 18:30:02]

########## EOF - C:\AdwCleaner[S4].txt - [1368 octets] ##########


cosinus 17.10.2012 13:04

Please run a (new) CustomScan with OTL and, if possible, post its log here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


mcflash99 18.10.2012 17:39

And here is the next log:
Code:

OTL logfile created on: 10/17/2012 5:22:32 PM - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Owner\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1015.24 Mb Total Physical Memory | 183.62 Mb Available Physical Memory | 18.09% Memory free
1.99 Gb Paging File | 1.04 Gb Available in Paging File | 52.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.03 Gb Total Space | 64.79 Gb Free Space | 46.60% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/10/17 17:20:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2012/09/07 20:26:05 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/09/07 20:26:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/09/07 20:25:55 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/09/07 20:25:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/08/20 19:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/01/29 11:18:52 | 000,751,592 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
PRC - [2009/12/02 18:09:54 | 000,246,272 | ---- | M] () -- C:\Program Files\Mobile Partner Manager\AssistantServices.exe
PRC - [2009/12/02 18:08:52 | 000,132,096 | ---- | M] () -- C:\Program Files\Mobile Partner Manager\UIExec.exe
PRC - [2009/10/16 15:43:28 | 001,021,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2009/10/14 04:34:34 | 000,628,016 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Security\VizorHtmlDialog.exe
PRC - [2009/09/15 02:05:56 | 000,044,312 | ---- | M] () -- C:\Program Files\ASUS\Game Park\GameConsole\OberonGameConsoleService.exe
PRC - [2009/09/11 05:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/09/09 20:15:12 | 000,413,688 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009/08/12 22:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009/07/20 11:47:14 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009/12/02 18:08:52 | 000,132,096 | ---- | M] () -- C:\Program Files\Mobile Partner Manager\UIExec.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV - [2012/09/07 20:26:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/09/07 20:25:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/07/29 05:26:03 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009/12/02 18:09:54 | 000,246,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Mobile Partner Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009/09/15 02:05:56 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\Game Park\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwrchid.sys -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwavdt.sys -- (btwavdt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2012/09/07 20:26:05 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/09/07 20:26:05 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/09/07 20:26:05 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/06/27 01:37:12 | 002,191,872 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/10/29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/10/29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/10/29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/10/29 19:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/10/14 02:33:32 | 000,167,952 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/10/14 02:33:32 | 000,083,344 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/10/14 02:33:32 | 000,058,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2009/10/14 02:33:32 | 000,052,752 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2009/07/27 09:06:45 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009/07/20 11:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009/07/06 10:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\..\SearchScopes\{166B413F-2F4C-4339-BCFB-956F7EACEA8F}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/result.htm?q={searchTerms}&SearchMashine=true
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Plasmoo"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..plasmoo.search.engine.prevkeywordurl: "data:text/plain,keyword.URL=hxxp://go.gmx.net/br/moz4_keyurl_search/?su="
FF - prefs.js..plasmoo.search.engine.prevsearchdefaultenginename: "data:text/plain,browser.search.defaultenginename=GMX Suche"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.3.37: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.3.37: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.3.37: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.3.37: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.3.37: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/26 11:34:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/02 17:42:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/02 17:42:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/02 17:42:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/02 17:42:30 | 000,000,000 | ---D | M]
 
[2010/02/19 23:00:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2012/10/07 03:39:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\extensions
[2011/04/29 12:54:49 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/04/29 12:55:09 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\extensions\engine@plasmoo.com
[2011/10/16 13:32:49 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\extensions\DivXWebPlayer@divx.com.xpi
[2012/10/07 03:39:01 | 000,493,426 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\extensions\toolbar@gmx.net.xpi
[2011/04/20 17:40:20 | 000,001,976 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\searchplugins\plasmoo.xml
[2012/09/23 21:10:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/23 21:10:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2011/10/17 20:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/10/17 20:57:57 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
[2012/07/29 05:26:05 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/05/17 21:48:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/05/17 21:48:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/17 21:48:58 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/05/17 21:48:58 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/05/17 21:48:58 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/05/17 21:48:58 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\windows\system32\npdeployJava1.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (ASUS Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\ASUS\SystemSetting\StarterHelper.dll (ASUSTeK Computer Inc.)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-782359419-2307183593-61034220-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-782359419-2307183593-61034220-1000\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [HotKeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Mobile Partner Manager\UIExec.exe ()
O4 - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Security\VizorHtmlDialog.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-782359419-2307183593-61034220-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-782359419-2307183593-61034220-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} hxxp://www.pixum.de/apps/EasyUploadX.cab (Pixum EasyUploadX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38B2D3DF-952F-4C07-A567-A559EC1145D5}: DhcpNameServer = 62.179.104.196 213.46.228.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7F131BC-7F3C-45CE-8059-189F353EEE76}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Spotify - hkey= - key= - C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/10/17 17:20:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/10/07 03:38:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Macromedia
[2012/10/04 20:42:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Avira
[2012/10/04 19:36:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Apple Computer
[2012/10/02 17:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/10/02 17:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/10/02 17:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/09/26 15:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/26 15:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/09/26 15:44:20 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2012/09/26 15:44:17 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2012/09/26 15:44:17 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2012/09/26 15:44:17 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys
[2012/09/26 15:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/09/26 15:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/09/23 21:41:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/23 21:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/09/23 21:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/09/23 21:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/23 21:01:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/23 21:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/23 21:00:58 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/09/23 21:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/17 17:25:05 | 000,010,000 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/17 17:25:05 | 000,010,000 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/17 17:20:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/10/17 17:16:56 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/17 17:16:45 | 000,016,384 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2012/10/17 17:16:26 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/10/14 16:04:56 | 000,538,941 | ---- | M] () -- C:\Users\Owner\Desktop\adwcleaner.exe
[2012/10/09 19:00:04 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/09 18:11:41 | 000,002,316 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/09/26 15:44:47 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/09/26 12:48:37 | 000,628,348 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/09/26 12:48:37 | 000,108,494 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/09/23 21:58:46 | 000,354,864 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/09/23 20:48:25 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/10/14 16:04:54 | 000,538,941 | ---- | C] () -- C:\Users\Owner\Desktop\adwcleaner.exe
[2012/09/26 15:50:45 | 000,016,384 | ---- | C] () -- C:\windows\System32\Ikeext.etl
[2012/09/26 15:44:47 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/08/04 10:02:17 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2011/07/23 17:59:31 | 000,003,429 | ---- | C] () -- C:\Users\Owner\.recently-used.xbel
[2010/05/23 20:30:57 | 000,102,400 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/24 01:49:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/26 15:46:25 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010/02/13 20:28:35 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Roaming\.#
[2010/07/28 16:03:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Asus
[2012/04/26 11:21:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDVideoSoft
[2011/04/29 12:54:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/02/13 20:28:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GameConsole
[2011/02/14 21:55:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\gtk-2.0
[2011/02/21 14:09:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2012/08/04 07:40:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Spotify
[2011/01/27 19:03:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TeamViewer
[2011/01/16 17:52:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010/02/13 20:28:35 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Roaming\.#
[2010/02/19 01:33:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Adobe
[2012/10/04 19:36:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Apple Computer
[2010/07/28 16:03:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Asus
[2012/10/04 20:42:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Avira
[2012/04/26 11:21:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDVideoSoft
[2011/04/29 12:54:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/02/13 20:28:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GameConsole
[2011/02/14 21:55:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\gtk-2.0
[2009/07/14 06:54:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Identities
[2009/10/26 10:08:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\InstallShield
[2009/10/26 10:13:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Macromedia
[2012/10/07 03:38:43 | 000,000,000 | --SD | M] -- C:\Users\Owner\AppData\Roaming\Microsoft
[2010/02/19 23:00:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla
[2011/02/21 14:09:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2012/04/26 11:36:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Real
[2012/06/05 20:41:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Skype
[2012/06/05 19:06:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\skypePM
[2012/08/04 07:40:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Spotify
[2011/01/27 19:03:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TeamViewer
[2011/01/16 17:52:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
 
< %APPDATA%\*.exe /s >
[2012/07/25 22:53:14 | 007,601,880 | ---- | M] (Spotify Ltd) -- C:\Users\Owner\AppData\Roaming\Spotify\spotify.exe
[2012/07/25 22:53:14 | 000,114,904 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Spotify\SpotifyLauncher.exe
[2012/07/25 22:53:13 | 001,193,176 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009/06/04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:AB689DEA

< End of report >


cosinus 18.10.2012 20:00

Close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Note: If you have obscured your user name, you must change the starred-out parts back into your real user name, otherwise the script will not work!!

Code:

:OTL
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\..\SearchScopes\{166B413F-2F4C-4339-BCFB-956F7EACEA8F}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\..\SearchScopes\Plasmoo: "URL" = http://plasmoo.com/result.htm?q={searchTerms}&SearchMashine=true
FF - prefs.js..browser.search.defaultenginename: "Plasmoo"
[2011/04/29 12:55:09 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\extensions\engine@plasmoo.com
[2011/04/20 17:40:20 | 000,001,976 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\searchplugins\plasmoo.xml
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-782359419-2307183593-61034220-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-782359419-2307183593-61034220-1000\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:AB689DEA
:Files
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache
C:\ProgramData\*.pad
C:\ProgramData\FullRemove.exe
C:\Users\Owner\AppData\Roaming\.#
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

mcflash99 19.10.2012 16:27

Here is the result:
Code:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-782359419-2307183593-61034220-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
HKEY_USERS\S-1-5-21-782359419-2307183593-61034220-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-782359419-2307183593-61034220-1000\Software\Microsoft\Internet Explorer\SearchScopes\{166B413F-2F4C-4339-BCFB-956F7EACEA8F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B413F-2F4C-4339-BCFB-956F7EACEA8F}\ not found.
Registry key HKEY_USERS\S-1-5-21-782359419-2307183593-61034220-1000\Software\Microsoft\Internet Explorer\SearchScopes\{searchTerms}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{searchTerms}\ not found.
Prefs.js: "Plasmoo" removed from browser.search.defaultenginename
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\extensions\engine@plasmoo.com\skin folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\extensions\engine@plasmoo.com\searchplugin folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\extensions\engine@plasmoo.com\chrome\content folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\extensions\engine@plasmoo.com\chrome folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\extensions\engine@plasmoo.com folder moved successfully.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\searchplugins\plasmoo.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-782359419-2307183593-61034220-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-782359419-2307183593-61034220-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
ADS C:\ProgramData\TEMP:AB689DEA deleted successfully.
========== FILES ==========
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
C:\ProgramData\ras_0oed.pad moved successfully.
C:\ProgramData\FullRemove.exe moved successfully.
C:\Users\Owner\AppData\Roaming\.# folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 121064 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 321 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Owner
->Temp folder emptied: 4449648 bytes
->Temporary Internet Files folder emptied: 52067800 bytes
->FireFox cache emptied: 60538196 bytes
->Google Chrome cache emptied: 11256097 bytes
->Flash cache emptied: 29103 bytes
 
User: Owner2
->Temp folder emptied: 5051905 bytes
->Temporary Internet Files folder emptied: 15631997 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 12399911 bytes
->Flash cache emptied: 405 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 495 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 134652799 bytes
RecycleBin emptied: 2116136 bytes
 
Total Files Cleaned = 285.00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10192012_171916

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


cosinus 21.10.2012 10:26

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click on Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents and transfer them into your post, please look directly on your Windows system partition (usually drive C:); that is where the TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, treat all of them with the action "skip" and just post the log here!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

mcflash99 21.10.2012 19:43

And here is the next result:
Code:

20:29:41.0577 2208  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
20:29:42.0107 2208  ============================================================
20:29:42.0107 2208  Current date / time: 2012/10/21 20:29:42.0107
20:29:42.0107 2208  SystemInfo:
20:29:42.0107 2208 
20:29:42.0107 2208  OS Version: 6.1.7601 ServicePack: 1.0
20:29:42.0107 2208  Product type: Workstation
20:29:42.0107 2208  ComputerName: OWNER-PC
20:29:42.0107 2208  UserName: Owner
20:29:42.0107 2208  Windows directory: C:\windows
20:29:42.0107 2208  System windows directory: C:\windows
20:29:42.0107 2208  Processor architecture: Intel x86
20:29:42.0123 2208  Number of processors: 2
20:29:42.0123 2208  Page size: 0x1000
20:29:42.0123 2208  Boot type: Normal boot
20:29:42.0123 2208  ============================================================
20:29:46.0522 2208  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:29:46.0538 2208  ============================================================
20:29:46.0538 2208  \Device\Harddisk0\DR0:
20:29:46.0538 2208  MBR partitions:
20:29:46.0538 2208  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x11610800
20:29:46.0538 2208  ============================================================
20:29:46.0725 2208  C: <-> \Device\Harddisk0\DR0\Partition1
20:29:46.0725 2208  ============================================================
20:29:46.0725 2208  Initialize success
20:29:46.0725 2208  ============================================================
20:30:05.0835 1132  ============================================================
20:30:05.0835 1132  Scan started
20:30:05.0835 1132  Mode: Manual; SigCheck; TDLFS;
20:30:05.0835 1132  ============================================================
20:30:16.0677 1132  ================ Scan system memory ========================
20:30:16.0677 1132  System memory - ok
20:30:16.0677 1132  ================ Scan services =============================
20:30:23.0713 1132  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
20:30:26.0677 1132  1394ohci - ok
20:30:26.0879 1132  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\windows\system32\drivers\ACPI.sys
20:30:27.0004 1132  ACPI - ok
20:30:27.0316 1132  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi        C:\windows\system32\drivers\acpipmi.sys
20:30:28.0081 1132  AcpiPmi - ok
20:30:28.0517 1132  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx        C:\windows\system32\DRIVERS\adp94xx.sys
20:30:28.0939 1132  adp94xx - ok
20:30:29.0126 1132  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci        C:\windows\system32\DRIVERS\adpahci.sys
20:30:29.0188 1132  adpahci - ok
20:30:29.0547 1132  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320        C:\windows\system32\DRIVERS\adpu320.sys
20:30:29.0609 1132  adpu320 - ok
20:30:29.0750 1132  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc    C:\windows\System32\aelupsvc.dll
20:30:31.0544 1132  AeLookupSvc - ok
20:30:31.0825 1132  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD            C:\windows\system32\drivers\afd.sys
20:30:32.0293 1132  AFD - ok
20:30:32.0464 1132  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\windows\system32\drivers\agp440.sys
20:30:32.0542 1132  agp440 - ok
20:30:32.0761 1132  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx        C:\windows\system32\DRIVERS\djsvs.sys
20:30:32.0807 1132  aic78xx - ok
20:30:33.0041 1132  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG            C:\windows\System32\alg.exe
20:30:33.0603 1132  ALG - ok
20:30:33.0837 1132  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\windows\system32\drivers\aliide.sys
20:30:33.0899 1132  aliide - ok
20:30:33.0977 1132  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\windows\system32\drivers\amdagp.sys
20:30:34.0024 1132  amdagp - ok
20:30:34.0165 1132  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\windows\system32\drivers\amdide.sys
20:30:34.0383 1132  amdide - ok
20:30:35.0522 1132  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8          C:\windows\system32\DRIVERS\amdk8.sys
20:30:35.0959 1132  AmdK8 - ok
20:30:36.0083 1132  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
20:30:36.0255 1132  AmdPPM - ok
20:30:36.0598 1132  [ D320BF87125326F996D4904FE24300FC ] amdsata        C:\windows\system32\drivers\amdsata.sys
20:30:36.0661 1132  amdsata - ok
20:30:36.0832 1132  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
20:30:37.0004 1132  amdsbs - ok
20:30:37.0175 1132  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata        C:\windows\system32\drivers\amdxata.sys
20:30:37.0253 1132  amdxata - ok
20:30:37.0987 1132  [ 9ED21A1A053EA3796DB011C6D5419625 ] Amsp            C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
20:30:40.0467 1132  Amsp - ok
20:30:42.0183 1132  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:30:42.0230 1132  AntiVirSchedulerService - ok
20:30:42.0698 1132  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:30:42.0760 1132  AntiVirService - ok
20:30:43.0291 1132  [ AEA177F783E20150ACE5383EE368DA19 ] AppID          C:\windows\system32\drivers\appid.sys
20:30:44.0913 1132  AppID - ok
20:30:45.0131 1132  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\windows\System32\appidsvc.dll
20:30:45.0381 1132  AppIDSvc - ok
20:30:45.0911 1132  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo        C:\windows\System32\appinfo.dll
20:30:46.0145 1132  Appinfo - ok
20:30:46.0489 1132  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc            C:\windows\system32\DRIVERS\arc.sys
20:30:46.0613 1132  arc - ok
20:30:46.0832 1132  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
20:30:46.0941 1132  arcsas - ok
20:30:47.0378 1132  [ E67493490466B5F04B58C22D2590E8CA ] AsUpIO          C:\windows\system32\drivers\AsUpIO.sys
20:30:47.0440 1132  AsUpIO - ok
20:30:47.0971 1132  [ C4FB2613D3C75364BB159B9C23A00E7A ] AsusService    C:\Windows\System32\AsusService.exe
20:30:48.0080 1132  AsusService ( UnsignedFile.Multi.Generic ) - warning
20:30:48.0080 1132  AsusService - detected UnsignedFile.Multi.Generic (1)
20:30:48.0329 1132  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
20:30:49.0827 1132  AsyncMac - ok
20:30:50.0295 1132  [ 338C86357871C167A96AB976519BF59E ] atapi          C:\windows\system32\drivers\atapi.sys
20:30:50.0357 1132  atapi - ok
20:30:52.0354 1132  [ 31CB2740BFDBAC1E48E2B7EAD38F0D27 ] athr            C:\windows\system32\DRIVERS\athr.sys
20:30:53.0774 1132  athr - ok
20:30:54.0195 1132  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
20:30:54.0632 1132  AudioEndpointBuilder - ok
20:30:54.0882 1132  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\windows\System32\Audiosrv.dll
20:30:55.0100 1132  Audiosrv - ok
20:30:55.0490 1132  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\windows\system32\DRIVERS\avgntflt.sys
20:30:55.0584 1132  avgntflt - ok
20:30:56.0036 1132  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\windows\system32\DRIVERS\avipbb.sys
20:30:56.0098 1132  avipbb - ok
20:30:56.0223 1132  [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr          C:\windows\system32\DRIVERS\avkmgr.sys
20:30:56.0286 1132  avkmgr - ok
20:30:56.0832 1132  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\windows\System32\AxInstSV.dll
20:30:58.0548 1132  AxInstSV - ok
20:30:59.0250 1132  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv        C:\windows\system32\DRIVERS\bxvbdx.sys
20:30:59.0749 1132  b06bdrv - ok
20:30:59.0998 1132  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\windows\system32\DRIVERS\b57nd60x.sys
20:31:00.0186 1132  b57nd60x - ok
20:31:01.0059 1132  [ 825F81A6F7DD073509DB101F0BA6DC59 ] BBSvc          C:\Program Files\Microsoft\BingBar\BBSvc.EXE
20:31:01.0106 1132  BBSvc - ok
20:31:01.0371 1132  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\windows\System32\bdesvc.dll
20:31:02.0026 1132  BDESVC - ok
20:31:02.0260 1132  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\windows\system32\drivers\Beep.sys
20:31:02.0338 1132  Beep - ok
20:31:02.0962 1132  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE            C:\windows\System32\bfe.dll
20:31:03.0243 1132  BFE - ok
20:31:03.0430 1132  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\windows\System32\qmgr.dll
20:31:03.0696 1132  BITS - ok
20:31:03.0961 1132  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
20:31:04.0086 1132  blbdrive - ok
20:31:04.0288 1132  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
20:31:05.0287 1132  bowser - ok
20:31:05.0583 1132  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
20:31:06.0441 1132  BrFiltLo - ok
20:31:06.0831 1132  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
20:31:07.0284 1132  BrFiltUp - ok
20:31:08.0438 1132  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser        C:\windows\System32\browser.dll
20:31:09.0156 1132  Browser - ok
20:31:09.0546 1132  [ 845B8CE732E67F3B4133164868C666EA ] Brserid        C:\windows\System32\Drivers\Brserid.sys
20:31:10.0092 1132  Brserid - ok
20:31:10.0294 1132  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
20:31:10.0482 1132  BrSerWdm - ok
20:31:10.0560 1132  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
20:31:10.0731 1132  BrUsbMdm - ok
20:31:10.0794 1132  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
20:31:11.0012 1132  BrUsbSer - ok
20:31:11.0277 1132  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum        C:\windows\system32\drivers\BthEnum.sys
20:31:12.0868 1132  BthEnum - ok
20:31:13.0102 1132  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
20:31:13.0165 1132  BTHMODEM - ok
20:31:13.0336 1132  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
20:31:13.0430 1132  BthPan - ok
20:31:13.0758 1132  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT        C:\windows\System32\Drivers\BTHport.sys
20:31:14.0023 1132  BTHPORT - ok
20:31:14.0163 1132  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv        C:\windows\system32\bthserv.dll
20:31:16.0191 1132  bthserv - ok
20:31:16.0316 1132  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
20:31:16.0519 1132  BTHUSB - ok
20:31:16.0597 1132  btwaudio - ok
20:31:16.0722 1132  btwavdt - ok
20:31:16.0753 1132  btwl2cap - ok
20:31:16.0784 1132  btwrchid - ok
20:31:16.0878 1132  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
20:31:17.0080 1132  cdfs - ok
20:31:17.0330 1132  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom          C:\windows\system32\drivers\cdrom.sys
20:31:17.0673 1132  cdrom - ok
20:31:17.0938 1132  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc    C:\windows\System32\certprop.dll
20:31:19.0654 1132  CertPropSvc - ok
20:31:19.0795 1132  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\windows\system32\DRIVERS\circlass.sys
20:31:20.0356 1132  circlass - ok
20:31:20.0622 1132  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\windows\system32\CLFS.sys
20:31:20.0715 1132  CLFS - ok
20:31:21.0370 1132  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:31:21.0433 1132  clr_optimization_v2.0.50727_32 - ok
20:31:22.0369 1132  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:31:22.0462 1132  clr_optimization_v4.0.30319_32 - ok
20:31:22.0540 1132  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
20:31:22.0852 1132  CmBatt - ok
20:31:22.0962 1132  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\windows\system32\drivers\cmdide.sys
20:31:23.0008 1132  cmdide - ok
20:31:23.0133 1132  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG            C:\windows\system32\Drivers\cng.sys
20:31:23.0289 1132  CNG - ok
20:31:23.0430 1132  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
20:31:23.0492 1132  Compbatt - ok
20:31:23.0664 1132  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
20:31:24.0069 1132  CompositeBus - ok
20:31:24.0194 1132  COMSysApp - ok
20:31:24.0319 1132  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk        C:\windows\system32\DRIVERS\crcdisk.sys
20:31:24.0381 1132  crcdisk - ok
20:31:24.0568 1132  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\windows\system32\cryptsvc.dll
20:31:25.0692 1132  CryptSvc - ok
20:31:25.0957 1132  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\windows\system32\rpcss.dll
20:31:27.0111 1132  DcomLaunch - ok
20:31:27.0220 1132  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc      C:\windows\System32\defragsvc.dll
20:31:28.0406 1132  defragsvc - ok
20:31:28.0515 1132  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
20:31:28.0687 1132  DfsC - ok
20:31:28.0905 1132  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\windows\system32\dhcpcore.dll
20:31:29.0061 1132  Dhcp - ok
20:31:29.0202 1132  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\windows\system32\drivers\discache.sys
20:31:29.0404 1132  discache - ok
20:31:29.0592 1132  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\windows\system32\DRIVERS\disk.sys
20:31:29.0638 1132  Disk - ok
20:31:29.0826 1132  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\windows\System32\dnsrslvr.dll
20:31:30.0169 1132  Dnscache - ok
20:31:30.0372 1132  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc        C:\windows\System32\dot3svc.dll
20:31:30.0606 1132  dot3svc - ok
20:31:30.0699 1132  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS            C:\windows\system32\dps.dll
20:31:30.0933 1132  DPS - ok
20:31:31.0105 1132  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud        C:\windows\system32\drivers\drmkaud.sys
20:31:31.0308 1132  drmkaud - ok
20:31:31.0604 1132  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl        C:\windows\System32\drivers\dxgkrnl.sys
20:31:31.0822 1132  DXGKrnl - ok
20:31:31.0994 1132  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost        C:\windows\System32\eapsvc.dll
20:31:32.0166 1132  EapHost - ok
20:31:32.0821 1132  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv          C:\windows\system32\DRIVERS\evbdx.sys
20:31:33.0398 1132  ebdrv - ok
20:31:33.0460 1132  [ 81951F51E318AECC2D68559E47485CC4 ] EFS            C:\windows\System32\lsass.exe
20:31:33.0882 1132  EFS - ok
20:31:34.0303 1132  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor        C:\windows\system32\DRIVERS\elxstor.sys
20:31:34.0506 1132  elxstor - ok
20:31:34.0646 1132  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\windows\system32\drivers\errdev.sys
20:31:35.0005 1132  ErrDev - ok
20:31:35.0520 1132  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem    C:\windows\system32\es.dll
20:31:35.0832 1132  EventSystem - ok
20:31:35.0941 1132  [ 2DC9108D74081149CC8B651D3A26207F ] exfat          C:\windows\system32\drivers\exfat.sys
20:31:36.0830 1132  exfat - ok
20:31:36.0970 1132  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat        C:\windows\system32\drivers\fastfat.sys
20:31:37.0360 1132  fastfat - ok
20:31:37.0688 1132  [ 967EA5B213E9984CBE270205DF37755B ] Fax            C:\windows\system32\fxssvc.exe
20:31:40.0948 1132  Fax - ok
20:31:42.0274 1132  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc            C:\windows\system32\DRIVERS\fdc.sys
20:31:44.0271 1132  fdc - ok
20:31:44.0552 1132  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost        C:\windows\system32\fdPHost.dll
20:31:48.0608 1132  fdPHost - ok
20:31:49.0014 1132  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\windows\system32\fdrespub.dll
20:31:49.0170 1132  FDResPub - ok
20:31:49.0388 1132  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
20:31:49.0450 1132  FileInfo - ok
20:31:49.0653 1132  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace      C:\windows\system32\drivers\filetrace.sys
20:31:50.0355 1132  Filetrace - ok
20:31:50.0995 1132  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
20:31:51.0104 1132  flpydisk - ok
20:31:51.0369 1132  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
20:31:51.0432 1132  FltMgr - ok
20:31:53.0179 1132  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache      C:\windows\system32\FntCache.dll
20:31:54.0567 1132  FontCache - ok
20:31:54.0973 1132  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:31:55.0020 1132  FontCache3.0.0.0 - ok
20:31:55.0300 1132  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends      C:\windows\system32\drivers\FsDepends.sys
20:31:55.0332 1132  FsDepends - ok
20:31:56.0299 1132  [ D909075FA72C090F27AA926C32CB4612 ] fssfltr        C:\windows\system32\DRIVERS\fssfltr.sys
20:31:56.0346 1132  fssfltr - ok
20:31:57.0250 1132  [ 40CDFAD174B3D5E80F95DDA003C0B97F ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
20:31:57.0469 1132  fsssvc - ok
20:31:57.0765 1132  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
20:31:57.0812 1132  Fs_Rec - ok
20:31:57.0999 1132  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
20:31:58.0311 1132  fvevol - ok
20:31:58.0592 1132  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
20:31:58.0654 1132  gagp30kx - ok
20:31:59.0091 1132  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc          C:\windows\System32\gpsvc.dll
20:32:01.0135 1132  gpsvc - ok
20:32:02.0118 1132  [ F02A533F517EB38333CB12A9E8963773 ] gupdate        C:\Program Files\Google\Update\GoogleUpdate.exe
20:32:02.0180 1132  gupdate - ok
20:32:02.0289 1132  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
20:32:02.0352 1132  gupdatem - ok
20:32:02.0523 1132  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
20:32:03.0350 1132  hcw85cir - ok
20:32:03.0553 1132  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
20:32:04.0114 1132  HdAudAddService - ok
20:32:04.0411 1132  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
20:32:04.0598 1132  HDAudBus - ok
20:32:04.0801 1132  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt        C:\windows\system32\DRIVERS\HidBatt.sys
20:32:04.0910 1132  HidBatt - ok
20:32:05.0019 1132  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
20:32:05.0596 1132  HidBth - ok
20:32:05.0908 1132  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr          C:\windows\system32\DRIVERS\hidir.sys
20:32:05.0986 1132  HidIr - ok
20:32:06.0252 1132  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv        C:\windows\system32\hidserv.dll
20:32:06.0470 1132  hidserv - ok
20:32:06.0704 1132  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\windows\system32\drivers\hidusb.sys
20:32:07.0078 1132  HidUsb - ok
20:32:07.0188 1132  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\windows\system32\kmsvc.dll
20:32:07.0375 1132  hkmsvc - ok
20:32:07.0546 1132  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\windows\system32\ListSvc.dll
20:32:08.0248 1132  HomeGroupListener - ok
20:32:08.0607 1132  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\windows\system32\provsvc.dll
20:32:08.0872 1132  HomeGroupProvider - ok
20:32:09.0309 1132  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
20:32:09.0403 1132  HpSAMD - ok
20:32:10.0027 1132  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\windows\system32\drivers\HTTP.sys
20:32:10.0198 1132  HTTP - ok
20:32:10.0386 1132  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
20:32:10.0448 1132  hwpolicy - ok
20:32:10.0620 1132  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
20:32:10.0776 1132  i8042prt - ok
20:32:11.0025 1132  [ D483687EACE0C065EE772481A96E05F5 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
20:32:11.0166 1132  iaStor - ok
20:32:11.0400 1132  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV        C:\windows\system32\drivers\iaStorV.sys
20:32:11.0478 1132  iaStorV - ok
20:32:11.0977 1132  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc          C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:32:12.0102 1132  idsvc - ok
20:32:13.0318 1132  [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx            C:\windows\system32\DRIVERS\igdkmd32.sys
20:32:14.0020 1132  igfx - ok
20:32:15.0175 1132  [ 4173FF5708F3236CF25195FECD742915 ] iirsp          C:\windows\system32\DRIVERS\iirsp.sys
20:32:15.0222 1132  iirsp - ok
20:32:17.0390 1132  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\windows\System32\ikeext.dll
20:32:17.0920 1132  IKEEXT - ok
20:32:20.0370 1132  [ DB96B8BD676BB24BD4F1DC53CA1F182C ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
20:32:20.0666 1132  IntcAzAudAddService - ok
20:32:20.0869 1132  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\windows\system32\drivers\intelide.sys
20:32:20.0947 1132  intelide - ok
20:32:21.0072 1132  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
20:32:21.0196 1132  intelppm - ok
20:32:21.0337 1132  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum      C:\windows\system32\ipbusenum.dll
20:32:21.0493 1132  IPBusEnum - ok
20:32:21.0930 1132  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
20:32:22.0039 1132  IpFilterDriver - ok
20:32:22.0444 1132  [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
20:32:22.0647 1132  iphlpsvc - ok
20:32:22.0725 1132  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV        C:\windows\system32\drivers\IPMIDrv.sys
20:32:22.0850 1132  IPMIDRV - ok
20:32:23.0146 1132  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT          C:\windows\system32\drivers\ipnat.sys
20:32:23.0271 1132  IPNAT - ok
20:32:23.0443 1132  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\windows\system32\drivers\irenum.sys
20:32:24.0114 1132  IRENUM - ok
20:32:24.0348 1132  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\windows\system32\drivers\isapnp.sys
20:32:24.0410 1132  isapnp - ok
20:32:24.0504 1132  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
20:32:24.0566 1132  iScsiPrt - ok
20:32:24.0816 1132  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\windows\system32\drivers\kbdclass.sys
20:32:24.0878 1132  kbdclass - ok
20:32:25.0003 1132  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
20:32:25.0112 1132  kbdhid - ok
20:32:25.0346 1132  [ 3EB803312987FF44265C87CB960DF6AB ] kbfiltr        C:\windows\system32\DRIVERS\kbfiltr.sys
20:32:25.0408 1132  kbfiltr - ok
20:32:25.0455 1132  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\windows\system32\lsass.exe
20:32:25.0611 1132  KeyIso - ok
20:32:25.0736 1132  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
20:32:25.0814 1132  KSecDD - ok
20:32:26.0422 1132  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg        C:\windows\system32\Drivers\ksecpkg.sys
20:32:26.0469 1132  KSecPkg - ok
20:32:26.0641 1132  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm          C:\windows\system32\msdtckrm.dll
20:32:26.0859 1132  KtmRm - ok
20:32:27.0078 1132  [ A158CEA8644B8A5C1EC0E9A81B70F65A ] L1C            C:\windows\system32\DRIVERS\L1C62x86.sys
20:32:27.0280 1132  L1C - ok
20:32:27.0530 1132  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\windows\system32\srvsvc.dll
20:32:27.0702 1132  LanmanServer - ok
20:32:28.0092 1132  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
20:32:28.0372 1132  LanmanWorkstation - ok
20:32:28.0513 1132  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
20:32:28.0622 1132  lltdio - ok
20:32:28.0809 1132  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc        C:\windows\System32\lltdsvc.dll
20:32:28.0996 1132  lltdsvc - ok
20:32:29.0152 1132  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts        C:\windows\System32\lmhsvc.dll
20:32:29.0262 1132  lmhosts - ok
20:32:29.0402 1132  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
20:32:29.0496 1132  LSI_FC - ok
20:32:30.0650 1132  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS        C:\windows\system32\DRIVERS\lsi_sas.sys
20:32:31.0368 1132  LSI_SAS - ok
20:32:31.0851 1132  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
20:32:31.0898 1132  LSI_SAS2 - ok
20:32:31.0992 1132  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
20:32:32.0054 1132  LSI_SCSI - ok
20:32:32.0194 1132  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv          C:\windows\system32\drivers\luafv.sys
20:32:32.0382 1132  luafv - ok
20:32:32.0538 1132  [ 59A2783ABA6019BED0C843C706E10A6A ] massfilter      C:\windows\system32\drivers\massfilter.sys
20:32:32.0694 1132  massfilter - ok
20:32:32.0818 1132  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas        C:\windows\system32\DRIVERS\megasas.sys
20:32:32.0865 1132  megasas - ok
20:32:33.0146 1132  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
20:32:33.0208 1132  MegaSR - ok
20:32:33.0474 1132  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS          C:\windows\system32\mmcss.dll
20:32:33.0598 1132  MMCSS - ok
20:32:33.0708 1132  [ F001861E5700EE84E2D4E52C712F4964 ] Modem          C:\windows\system32\drivers\modem.sys
20:32:34.0020 1132  Modem - ok
20:32:34.0316 1132  [ 79D10964DE86B292320E9DFE02282A23 ] monitor        C:\windows\system32\DRIVERS\monitor.sys
20:32:34.0425 1132  monitor - ok
20:32:34.0581 1132  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\windows\system32\drivers\mouclass.sys
20:32:34.0644 1132  mouclass - ok
20:32:34.0846 1132  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
20:32:34.0956 1132  mouhid - ok
20:32:35.0096 1132  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
20:32:35.0190 1132  mountmgr - ok
20:32:35.0486 1132  [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:32:35.0548 1132  MozillaMaintenance - ok
20:32:35.0736 1132  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\windows\system32\drivers\mpio.sys
20:32:35.0814 1132  mpio - ok
20:32:35.0876 1132  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
20:32:36.0032 1132  mpsdrv - ok
20:32:36.0391 1132  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\windows\system32\mpssvc.dll
20:32:36.0625 1132  MpsSvc - ok
20:32:36.0890 1132  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
20:32:37.0186 1132  MRxDAV - ok
20:32:37.0358 1132  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
20:32:37.0576 1132  mrxsmb - ok
20:32:37.0951 1132  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
20:32:38.0169 1132  mrxsmb10 - ok
20:32:38.0232 1132  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
20:32:38.0325 1132  mrxsmb20 - ok
20:32:38.0403 1132  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\windows\system32\drivers\msahci.sys
20:32:38.0450 1132  msahci - ok
20:32:38.0668 1132  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm          C:\windows\system32\drivers\msdsm.sys
20:32:38.0731 1132  msdsm - ok
20:32:38.0778 1132  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC          C:\windows\System32\msdtc.exe
20:32:38.0965 1132  MSDTC - ok
20:32:39.0136 1132  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\windows\system32\drivers\Msfs.sys
20:32:39.0292 1132  Msfs - ok
20:32:39.0324 1132  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf      C:\windows\System32\drivers\mshidkmdf.sys
20:32:39.0480 1132  mshidkmdf - ok
20:32:39.0542 1132  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
20:32:39.0573 1132  msisadrv - ok
20:32:39.0760 1132  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI        C:\windows\system32\iscsiexe.dll
20:32:39.0994 1132  MSiSCSI - ok
20:32:40.0010 1132  msiserver - ok
20:32:40.0275 1132  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV        C:\windows\system32\drivers\MSKSSRV.sys
20:32:40.0447 1132  MSKSSRV - ok
20:32:40.0837 1132  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
20:32:40.0993 1132  MSPCLOCK - ok
20:32:41.0055 1132  [ F456E973590D663B1073E9C463B40932 ] MSPQM          C:\windows\system32\drivers\MSPQM.sys
20:32:41.0180 1132  MSPQM - ok
20:32:41.0289 1132  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC          C:\windows\system32\drivers\MsRPC.sys
20:32:41.0336 1132  MsRPC - ok
20:32:41.0461 1132  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
20:32:41.0523 1132  mssmbios - ok
20:32:41.0757 1132  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE          C:\windows\system32\drivers\MSTEE.sys
20:32:42.0100 1132  MSTEE - ok
20:32:42.0194 1132  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
20:32:42.0303 1132  MTConfig - ok
20:32:42.0381 1132  [ 159FAD02F64E6381758C990F753BCC80 ] Mup            C:\windows\system32\Drivers\mup.sys
20:32:42.0412 1132  Mup - ok
20:32:42.0631 1132  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\windows\system32\qagentRT.dll
20:32:42.0834 1132  napagent - ok
20:32:43.0192 1132  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP    C:\windows\system32\DRIVERS\nwifi.sys
20:32:43.0333 1132  NativeWifiP - ok
20:32:43.0442 1132  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\windows\system32\drivers\ndis.sys
20:32:43.0551 1132  NDIS - ok
20:32:43.0692 1132  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap        C:\windows\system32\DRIVERS\ndiscap.sys
20:32:43.0863 1132  NdisCap - ok
20:32:44.0019 1132  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
20:32:44.0160 1132  NdisTapi - ok
20:32:44.0331 1132  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio        C:\windows\system32\DRIVERS\ndisuio.sys
20:32:44.0472 1132  Ndisuio - ok
20:32:44.0534 1132  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan        C:\windows\system32\DRIVERS\ndiswan.sys
20:32:44.0706 1132  NdisWan - ok
20:32:44.0784 1132  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy        C:\windows\system32\drivers\NDProxy.sys
20:32:44.0908 1132  NDProxy - ok
20:32:45.0033 1132  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS        C:\windows\system32\DRIVERS\netbios.sys
20:32:45.0158 1132  NetBIOS - ok
20:32:45.0252 1132  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT          C:\windows\system32\DRIVERS\netbt.sys
20:32:45.0392 1132  NetBT - ok
20:32:45.0439 1132  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\windows\system32\lsass.exe
20:32:45.0486 1132  Netlogon - ok
20:32:45.0844 1132  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\windows\System32\netman.dll
20:32:46.0000 1132  Netman - ok
20:32:46.0032 1132  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\windows\System32\netprofm.dll
20:32:46.0188 1132  netprofm - ok
20:32:46.0312 1132  [ 596E25B4631DF2BE98FD2BADE8BCC625 ] netr28          C:\windows\system32\DRIVERS\netr28.sys
20:32:46.0468 1132  netr28 - ok
20:32:46.0546 1132  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:32:46.0593 1132  NetTcpPortSharing - ok
20:32:46.0718 1132  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960        C:\windows\system32\DRIVERS\nfrd960.sys
20:32:46.0765 1132  nfrd960 - ok
20:32:46.0890 1132  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\windows\System32\nlasvc.dll
20:32:47.0046 1132  NlaSvc - ok
20:32:47.0061 1132  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\windows\system32\drivers\Npfs.sys
20:32:47.0202 1132  Npfs - ok
20:32:47.0404 1132  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi            C:\windows\system32\nsisvc.dll
20:32:47.0545 1132  nsi - ok
20:32:47.0763 1132  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
20:32:47.0919 1132  nsiproxy - ok
20:32:48.0184 1132  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
20:32:48.0356 1132  Ntfs - ok
20:32:48.0403 1132  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\windows\system32\drivers\Null.sys
20:32:48.0543 1132  Null - ok
20:32:48.0668 1132  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\windows\system32\drivers\nvraid.sys
20:32:48.0715 1132  nvraid - ok
20:32:48.0809 1132  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\windows\system32\drivers\nvstor.sys
20:32:48.0855 1132  nvstor - ok
20:32:48.0980 1132  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
20:32:49.0027 1132  nv_agp - ok
20:32:49.0370 1132  [ 067E1B15B6EE1BA4496951ED991B1DD2 ] OberonGameConsoleService C:\Program Files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe
20:32:49.0433 1132  OberonGameConsoleService - ok
20:32:50.0150 1132  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:32:50.0259 1132  odserv - ok
20:32:50.0337 1132  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
20:32:50.0384 1132  ohci1394 - ok
20:32:50.0431 1132  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:32:50.0540 1132  ose - ok
20:32:50.0681 1132  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
20:32:50.0883 1132  p2pimsvc - ok
20:32:51.0055 1132  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\windows\system32\p2psvc.dll
20:32:51.0133 1132  p2psvc - ok
20:32:51.0211 1132  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport        C:\windows\system32\DRIVERS\parport.sys
20:32:51.0367 1132  Parport - ok
20:32:51.0461 1132  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr        C:\windows\system32\drivers\partmgr.sys
20:32:51.0523 1132  partmgr - ok
20:32:51.0617 1132  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\windows\system32\DRIVERS\parvdm.sys
20:32:51.0726 1132  Parvdm - ok
20:32:51.0835 1132  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\windows\System32\pcasvc.dll
20:32:51.0913 1132  PcaSvc - ok
20:32:51.0991 1132  [ 673E55C3498EB970088E812EA820AA8F ] pci            C:\windows\system32\drivers\pci.sys
20:32:52.0053 1132  pci - ok
20:32:52.0131 1132  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\windows\system32\drivers\pciide.sys
20:32:52.0178 1132  pciide - ok
20:32:52.0365 1132  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
20:32:52.0443 1132  pcmcia - ok
20:32:52.0568 1132  [ 250F6B43D2B613172035C6747AEEB19F ] pcw            C:\windows\system32\drivers\pcw.sys
20:32:52.0615 1132  pcw - ok
20:32:52.0833 1132  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\windows\system32\drivers\peauth.sys
20:32:53.0083 1132  PEAUTH - ok
20:32:53.0426 1132  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla            C:\windows\system32\pla.dll
20:32:53.0754 1132  pla - ok
20:32:54.0097 1132  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\windows\system32\umpnpmgr.dll
20:32:54.0269 1132  PlugPlay - ok
20:32:54.0331 1132  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg    C:\windows\system32\pnrpauto.dll
20:32:54.0409 1132  PNRPAutoReg - ok
20:32:54.0487 1132  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc        C:\windows\system32\pnrpsvc.dll
20:32:54.0596 1132  PNRPsvc - ok
20:32:54.0705 1132  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent    C:\windows\System32\ipsecsvc.dll
20:32:54.0908 1132  PolicyAgent - ok
20:32:55.0049 1132  [ F87D30E72E03D579A5199CCB3831D6EA ] Power          C:\windows\system32\umpo.dll
20:32:55.0173 1132  Power - ok
20:32:55.0283 1132  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
20:32:55.0423 1132  PptpMiniport - ok
20:32:55.0548 1132  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor      C:\windows\system32\DRIVERS\processr.sys
20:32:55.0626 1132  Processor - ok
20:32:55.0735 1132  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc        C:\windows\system32\profsvc.dll
20:32:55.0891 1132  ProfSvc - ok
20:32:55.0922 1132  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
20:32:55.0985 1132  ProtectedStorage - ok
20:32:56.0094 1132  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\windows\system32\DRIVERS\pacer.sys
20:32:56.0234 1132  Psched - ok
20:32:56.0515 1132  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
20:32:56.0687 1132  ql2300 - ok
20:32:56.0749 1132  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
20:32:56.0796 1132  ql40xx - ok
20:32:56.0874 1132  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE          C:\windows\system32\qwave.dll
20:32:56.0999 1132  QWAVE - ok
20:32:57.0014 1132  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
20:32:57.0092 1132  QWAVEdrv - ok
20:32:57.0186 1132  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
20:32:57.0326 1132  RasAcd - ok
20:32:57.0404 1132  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn    C:\windows\system32\DRIVERS\AgileVpn.sys
20:32:57.0607 1132  RasAgileVpn - ok
20:32:57.0685 1132  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto        C:\windows\System32\rasauto.dll
20:32:57.0779 1132  RasAuto - ok
20:32:57.0966 1132  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp        C:\windows\system32\DRIVERS\rasl2tp.sys
20:32:58.0122 1132  Rasl2tp - ok
20:32:58.0278 1132  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\windows\System32\rasmans.dll
20:32:58.0465 1132  RasMan - ok
20:32:58.0559 1132  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
20:32:58.0637 1132  RasPppoe - ok
20:32:58.0730 1132  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp        C:\windows\system32\DRIVERS\rassstp.sys
20:32:58.0886 1132  RasSstp - ok
20:32:59.0089 1132  [ D528BC58A489409BA40334EBF96A311B ] rdbss          C:\windows\system32\DRIVERS\rdbss.sys
20:32:59.0229 1132  rdbss - ok
20:32:59.0307 1132  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
20:32:59.0401 1132  rdpbus - ok
20:32:59.0573 1132  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
20:32:59.0729 1132  RDPCDD - ok
20:32:59.0807 1132  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
20:32:59.0916 1132  RDPENCDD - ok
20:32:59.0947 1132  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
20:33:00.0056 1132  RDPREFMP - ok
20:33:00.0134 1132  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD          C:\windows\system32\drivers\RDPWD.sys
20:33:00.0259 1132  RDPWD - ok
20:33:00.0353 1132  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
20:33:00.0415 1132  rdyboost - ok
20:33:00.0477 1132  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\windows\System32\mprdim.dll
20:33:00.0587 1132  RemoteAccess - ok
20:33:00.0665 1132  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\windows\system32\regsvc.dll
20:33:00.0758 1132  RemoteRegistry - ok
20:33:00.0852 1132  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
20:33:00.0977 1132  RFCOMM - ok
20:33:01.0039 1132  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
20:33:01.0195 1132  RpcEptMapper - ok
20:33:01.0257 1132  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\windows\system32\locator.exe
20:33:01.0335 1132  RpcLocator - ok
20:33:01.0413 1132  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs          C:\windows\system32\rpcss.dll
20:33:01.0538 1132  RpcSs - ok
20:33:01.0601 1132  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
20:33:01.0725 1132  rspndr - ok
20:33:01.0803 1132  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs          C:\windows\system32\lsass.exe
20:33:01.0850 1132  SamSs - ok
20:33:01.0959 1132  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
20:33:02.0022 1132  sbp2port - ok
20:33:02.0100 1132  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\windows\System32\SCardSvr.dll
20:33:02.0256 1132  SCardSvr - ok
20:33:02.0334 1132  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
20:33:02.0412 1132  scfilter - ok
20:33:02.0537 1132  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\windows\system32\schedsvc.dll
20:33:02.0708 1132  Schedule - ok
20:33:02.0771 1132  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc    C:\windows\System32\certprop.dll
20:33:02.0849 1132  SCPolicySvc - ok
20:33:02.0989 1132  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\windows\System32\SDRSVC.dll
20:33:03.0285 1132  SDRSVC - ok
20:33:03.0504 1132  [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort        C:\Program Files\Microsoft\BingBar\SeaPort.EXE
20:33:03.0582 1132  SeaPort - ok
20:33:03.0753 1132  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\windows\system32\drivers\secdrv.sys
20:33:03.0972 1132  secdrv - ok
20:33:04.0190 1132  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\windows\system32\seclogon.dll
20:33:04.0331 1132  seclogon - ok
20:33:04.0362 1132  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\windows\System32\sens.dll
20:33:04.0518 1132  SENS - ok
20:33:04.0799 1132  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum        C:\windows\system32\DRIVERS\serenum.sys
20:33:04.0877 1132  Serenum - ok
20:33:04.0955 1132  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\windows\system32\DRIVERS\serial.sys
20:33:05.0017 1132  Serial - ok
20:33:05.0220 1132  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
20:33:05.0329 1132  sermouse - ok
20:33:05.0501 1132  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\windows\system32\sessenv.dll
20:33:05.0610 1132  SessionEnv - ok
20:33:05.0703 1132  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk        C:\windows\system32\drivers\sffdisk.sys
20:33:05.0781 1132  sffdisk - ok
20:33:05.0797 1132  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
20:33:05.0922 1132  sffp_mmc - ok
20:33:05.0953 1132  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd        C:\windows\system32\drivers\sffp_sd.sys
20:33:06.0062 1132  sffp_sd - ok
20:33:06.0187 1132  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy        C:\windows\system32\DRIVERS\sfloppy.sys
20:33:06.0265 1132  sfloppy - ok
20:33:06.0468 1132  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\windows\System32\ipnathlp.dll
20:33:06.0639 1132  SharedAccess - ok
20:33:06.0749 1132  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll
20:33:06.0905 1132  ShellHWDetection - ok
20:33:07.0061 1132  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\windows\system32\drivers\sisagp.sys
20:33:07.0123 1132  sisagp - ok
20:33:07.0279 1132  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
20:33:07.0326 1132  SiSRaid2 - ok
20:33:07.0341 1132  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
20:33:07.0388 1132  SiSRaid4 - ok
20:33:07.0560 1132  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate    C:\Program Files\Skype\Updater\Updater.exe
20:33:07.0607 1132  SkypeUpdate - ok
20:33:07.0794 1132  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb            C:\windows\system32\DRIVERS\smb.sys
20:33:07.0981 1132  Smb - ok
20:33:08.0137 1132  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
20:33:08.0262 1132  SNMPTRAP - ok
20:33:08.0309 1132  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr          C:\windows\system32\drivers\spldr.sys
20:33:08.0371 1132  spldr - ok
20:33:08.0605 1132  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler        C:\windows\System32\spoolsv.exe
20:33:08.0917 1132  Spooler - ok
20:33:09.0603 1132  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\windows\system32\sppsvc.exe
20:33:09.0962 1132  sppsvc - ok
20:33:10.0118 1132  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify    C:\windows\system32\sppuinotify.dll
20:33:10.0259 1132  sppuinotify - ok
20:33:10.0399 1132  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv            C:\windows\system32\DRIVERS\srv.sys
20:33:10.0586 1132  srv - ok
20:33:10.0773 1132  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\windows\system32\DRIVERS\srv2.sys
20:33:10.0945 1132  srv2 - ok
20:33:11.0007 1132  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
20:33:11.0179 1132  srvnet - ok
20:33:11.0304 1132  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV        C:\windows\System32\ssdpsrv.dll
20:33:11.0491 1132  SSDPSRV - ok
20:33:11.0897 1132  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\windows\system32\DRIVERS\ssmdrv.sys
20:33:11.0943 1132  ssmdrv - ok
20:33:12.0053 1132  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc        C:\windows\system32\sstpsvc.dll
20:33:12.0224 1132  SstpSvc - ok
20:33:12.0411 1132  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
20:33:12.0458 1132  stexstor - ok
20:33:12.0708 1132  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\windows\System32\wiaservc.dll
20:33:12.0879 1132  StiSvc - ok
20:33:12.0989 1132  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\windows\system32\drivers\swenum.sys
20:33:13.0051 1132  swenum - ok
20:33:13.0129 1132  [ A28BD92DF340E57B024BA433165D34D7 ] swprv          C:\windows\System32\swprv.dll
20:33:13.0238 1132  swprv - ok
20:33:13.0535 1132  [ 8BD10DC8809DC69A1C5A795CB10ADD76 ] SynTP          C:\windows\system32\DRIVERS\SynTP.sys
20:33:13.0597 1132  SynTP - ok
20:33:13.0893 1132  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain        C:\windows\system32\sysmain.dll
20:33:14.0081 1132  SysMain - ok
20:33:14.0159 1132  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll
20:33:14.0252 1132  TabletInputService - ok
20:33:14.0361 1132  [ 613BF4820361543956909043A265C6AC ] TapiSrv        C:\windows\System32\tapisrv.dll
20:33:14.0471 1132  TapiSrv - ok
20:33:14.0611 1132  [ B799D9FDB26111737F58288D8DC172D9 ] TBS            C:\windows\System32\tbssvc.dll
20:33:14.0767 1132  TBS - ok
20:33:15.0141 1132  [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip          C:\windows\system32\drivers\tcpip.sys
20:33:15.0329 1132  Tcpip - ok
20:33:15.0672 1132  [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
20:33:16.0031 1132  TCPIP6 - ok
20:33:16.0171 1132  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
20:33:16.0265 1132  tcpipreg - ok
20:33:16.0421 1132  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
20:33:16.0670 1132  TDPIPE - ok
20:33:16.0764 1132  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP          C:\windows\system32\drivers\tdtcp.sys
20:33:16.0889 1132  TDTCP - ok
20:33:16.0998 1132  [ B459575348C20E8121D6039DA063C704 ] tdx            C:\windows\system32\DRIVERS\tdx.sys
20:33:17.0138 1132  tdx - ok
20:33:17.0232 1132  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\windows\system32\drivers\termdd.sys
20:33:17.0294 1132  TermDD - ok
20:33:17.0497 1132  [ 382C804C92811BE57829D8E550A900E2 ] TermService    C:\windows\System32\termsrv.dll
20:33:17.0669 1132  TermService - ok
20:33:17.0793 1132  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\windows\system32\themeservice.dll
20:33:17.0871 1132  Themes - ok
20:33:17.0918 1132  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER    C:\windows\system32\mmcss.dll
20:33:17.0996 1132  THREADORDER - ok
20:33:18.0168 1132  [ 722480EAB3708D3A28C90593BFB86A74 ] tmactmon        C:\windows\system32\DRIVERS\tmactmon.sys
20:33:18.0215 1132  tmactmon - ok
20:33:18.0636 1132  [ 7763CC9A04FA3CE9DD70987CCBBC707E ] tmcomm          C:\windows\system32\DRIVERS\tmcomm.sys
20:33:18.0714 1132  tmcomm - ok
20:33:18.0807 1132  [ 000AC70DEAE3C38B2BC259BF796AAD4D ] tmevtmgr        C:\windows\system32\DRIVERS\tmevtmgr.sys
20:33:18.0854 1132  tmevtmgr - ok
20:33:18.0995 1132  [ D7E61F0274F8CB75251B08D52B03EF98 ] tmtdi          C:\windows\system32\DRIVERS\tmtdi.sys
20:33:19.0026 1132  tmtdi - ok
20:33:19.0166 1132  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\windows\System32\trkwks.dll
20:33:19.0322 1132  TrkWks - ok
20:33:19.0587 1132  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
20:33:19.0743 1132  TrustedInstaller - ok
20:33:19.0853 1132  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
20:33:19.0946 1132  tssecsrv - ok
20:33:20.0133 1132  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
20:33:20.0367 1132  TsUsbFlt - ok
20:33:20.0617 1132  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
20:33:20.0726 1132  tunnel - ok
20:33:20.0835 1132  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
20:33:20.0867 1132  uagp35 - ok
20:33:20.0960 1132  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\windows\system32\DRIVERS\udfs.sys
20:33:21.0069 1132  udfs - ok
20:33:21.0693 1132  [ EC23505F255D0DA9230A3237EF5839AD ] UI Assistant Service C:\Program Files\Mobile Partner Manager\AssistantServices.exe
20:33:21.0834 1132  UI Assistant Service ( UnsignedFile.Multi.Generic ) - warning
20:33:21.0834 1132  UI Assistant Service - detected UnsignedFile.Multi.Generic (1)
20:33:22.0021 1132  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect      C:\windows\system32\UI0Detect.exe
20:33:22.0083 1132  UI0Detect - ok
20:33:22.0286 1132  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
20:33:22.0349 1132  uliagpkx - ok
20:33:22.0427 1132  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus          C:\windows\system32\drivers\umbus.sys
20:33:22.0505 1132  umbus - ok
20:33:22.0583 1132  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
20:33:22.0707 1132  UmPass - ok
20:33:22.0910 1132  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\windows\System32\upnphost.dll
20:33:23.0129 1132  upnphost - ok
20:33:23.0175 1132  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp        C:\windows\system32\DRIVERS\usbccgp.sys
20:33:23.0331 1132  usbccgp - ok
20:33:23.0565 1132  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\windows\system32\drivers\usbcir.sys
20:33:23.0675 1132  usbcir - ok
20:33:23.0799 1132  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci        C:\windows\system32\drivers\usbehci.sys
20:33:23.0862 1132  usbehci - ok
20:33:23.0971 1132  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
20:33:24.0111 1132  usbhub - ok
20:33:24.0299 1132  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci        C:\windows\system32\drivers\usbohci.sys
20:33:24.0423 1132  usbohci - ok
20:33:24.0548 1132  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
20:33:24.0642 1132  usbprint - ok
20:33:24.0798 1132  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan        C:\windows\system32\DRIVERS\usbscan.sys
20:33:24.0860 1132  usbscan - ok
20:33:24.0907 1132  [ F991AB9CC6B908DB552166768176896A ] USBSTOR        C:\windows\system32\DRIVERS\USBSTOR.SYS
20:33:25.0157 1132  USBSTOR - ok
20:33:25.0313 1132  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci        C:\windows\system32\drivers\usbuhci.sys
20:33:25.0484 1132  usbuhci - ok
20:33:25.0671 1132  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
20:33:25.0781 1132  usbvideo - ok
20:33:25.0921 1132  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms          C:\windows\System32\uxsms.dll
20:33:26.0061 1132  UxSms - ok
20:33:26.0124 1132  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\windows\system32\lsass.exe
20:33:26.0264 1132  VaultSvc - ok
20:33:26.0389 1132  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
20:33:26.0451 1132  vdrvroot - ok
20:33:26.0592 1132  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds            C:\windows\System32\vds.exe
20:33:26.0779 1132  vds - ok
20:33:27.0029 1132  [ 17C408214EA61696CEC9C66E388B14F3 ] vga            C:\windows\system32\DRIVERS\vgapnp.sys
20:33:27.0216 1132  vga - ok
20:33:27.0309 1132  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave        C:\windows\System32\drivers\vga.sys
20:33:27.0450 1132  VgaSave - ok
20:33:27.0559 1132  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp          C:\windows\system32\drivers\vhdmp.sys
20:33:27.0621 1132  vhdmp - ok
20:33:27.0762 1132  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\windows\system32\drivers\viaagp.sys
20:33:27.0809 1132  viaagp - ok
20:33:27.0871 1132  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7          C:\windows\system32\DRIVERS\viac7.sys
20:33:27.0933 1132  ViaC7 - ok
20:33:28.0058 1132  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\windows\system32\drivers\viaide.sys
20:33:28.0121 1132  viaide - ok
20:33:28.0199 1132  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\windows\system32\drivers\volmgr.sys
20:33:28.0261 1132  volmgr - ok
20:33:28.0448 1132  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx        C:\windows\system32\drivers\volmgrx.sys
20:33:28.0573 1132  volmgrx - ok
20:33:28.0635 1132  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap        C:\windows\system32\drivers\volsnap.sys
20:33:28.0698 1132  volsnap - ok
20:33:28.0823 1132  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid        C:\windows\system32\DRIVERS\vsmraid.sys
20:33:28.0869 1132  vsmraid - ok
20:33:29.0119 1132  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS            C:\windows\system32\vssvc.exe
20:33:29.0306 1132  VSS - ok
20:33:29.0431 1132  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
20:33:29.0571 1132  vwifibus - ok
20:33:29.0712 1132  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
20:33:29.0821 1132  vwififlt - ok
20:33:30.0008 1132  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time        C:\windows\system32\w32time.dll
20:33:30.0211 1132  W32Time - ok
20:33:30.0289 1132  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
20:33:30.0383 1132  WacomPen - ok
20:33:30.0476 1132  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
20:33:30.0554 1132  WANARP - ok
20:33:30.0570 1132  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
20:33:30.0648 1132  Wanarpv6 - ok
20:33:31.0022 1132  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\windows\system32\wbengine.exe
20:33:31.0319 1132  wbengine - ok
20:33:31.0459 1132  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
20:33:31.0584 1132  WbioSrvc - ok
20:33:31.0724 1132  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc        C:\windows\System32\wcncsvc.dll
20:33:31.0833 1132  wcncsvc - ok
20:33:31.0927 1132  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
20:33:32.0192 1132  WcsPlugInService - ok
20:33:32.0255 1132  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\windows\system32\DRIVERS\wd.sys
20:33:32.0301 1132  Wd - ok
20:33:32.0442 1132  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
20:33:32.0598 1132  Wdf01000 - ok
20:33:32.0738 1132  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\windows\system32\wdi.dll
20:33:33.0081 1132  WdiServiceHost - ok
20:33:33.0113 1132  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost  C:\windows\system32\wdi.dll
20:33:33.0159 1132  WdiSystemHost - ok
20:33:33.0269 1132  [ A9D880F97530D5B8FEE278923349929D ] WebClient      C:\windows\System32\webclnt.dll
20:33:33.0409 1132  WebClient - ok
20:33:33.0534 1132  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\windows\system32\wecsvc.dll
20:33:33.0705 1132  Wecsvc - ok
20:33:33.0752 1132  [ AC804569BB2364FB6017370258A4091B ] wercplsupport  C:\windows\System32\wercplsupport.dll
20:33:33.0877 1132  wercplsupport - ok
20:33:33.0971 1132  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\windows\System32\WerSvc.dll
20:33:34.0111 1132  WerSvc - ok
20:33:34.0298 1132  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
20:33:34.0470 1132  WfpLwf - ok
20:33:34.0548 1132  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\windows\system32\drivers\wimmount.sys
20:33:34.0626 1132  WIMMount - ok
20:33:34.0751 1132  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
20:33:34.0891 1132  WinDefend - ok
20:33:34.0938 1132  WinHttpAutoProxySvc - ok
20:33:35.0109 1132  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt        C:\windows\system32\wbem\WMIsvc.dll
20:33:35.0250 1132  Winmgmt - ok
20:33:35.0468 1132  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM          C:\windows\system32\WsmSvc.dll
20:33:35.0749 1132  WinRM - ok
20:33:35.0905 1132  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
20:33:35.0999 1132  WinUsb - ok
20:33:36.0217 1132  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc        C:\windows\System32\wlansvc.dll
20:33:36.0435 1132  Wlansvc - ok
20:33:36.0966 1132  [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:33:36.0997 1132  wlcrasvc - ok
20:33:37.0793 1132  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:33:37.0980 1132  wlidsvc - ok
20:33:38.0073 1132  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi        C:\windows\system32\drivers\wmiacpi.sys
20:33:38.0151 1132  WmiAcpi - ok
20:33:38.0229 1132  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
20:33:38.0307 1132  wmiApSrv - ok
20:33:38.0479 1132  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
20:33:38.0697 1132  WMPNetworkSvc - ok
20:33:38.0744 1132  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\windows\System32\wpcsvc.dll
20:33:38.0838 1132  WPCSvc - ok
20:33:38.0900 1132  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
20:33:39.0150 1132  WPDBusEnum - ok
20:33:39.0197 1132  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl        C:\windows\system32\drivers\ws2ifsl.sys
20:33:39.0290 1132  ws2ifsl - ok
20:33:39.0321 1132  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\windows\System32\wscsvc.dll
20:33:39.0415 1132  wscsvc - ok
20:33:39.0431 1132  WSearch - ok
20:33:39.0961 1132  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\windows\system32\wuaueng.dll
20:33:40.0179 1132  wuauserv - ok
20:33:40.0211 1132  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
20:33:40.0289 1132  WudfPf - ok
20:33:40.0382 1132  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
20:33:40.0460 1132  WUDFRd - ok
20:33:40.0554 1132  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc        C:\windows\System32\WUDFSvc.dll
20:33:40.0710 1132  wudfsvc - ok
20:33:40.0772 1132  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc        C:\windows\System32\wwansvc.dll
20:33:40.0866 1132  WwanSvc - ok
20:33:40.0991 1132  [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbmdm6k    C:\windows\system32\DRIVERS\ZTEusbmdm6k.sys
20:33:41.0115 1132  ZTEusbmdm6k - ok
20:33:41.0147 1132  [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbnmea      C:\windows\system32\DRIVERS\ZTEusbnmea.sys
20:33:41.0193 1132  ZTEusbnmea - ok
20:33:41.0225 1132  [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbser6k    C:\windows\system32\DRIVERS\ZTEusbser6k.sys
20:33:41.0256 1132  ZTEusbser6k - ok
20:33:41.0318 1132  ================ Scan global ===============================
20:33:41.0412 1132  [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
20:33:41.0490 1132  [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\windows\system32\winsrv.dll
20:33:41.0521 1132  [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\windows\system32\winsrv.dll
20:33:41.0568 1132  [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
20:33:41.0615 1132  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
20:33:41.0630 1132  [Global] - ok
20:33:41.0630 1132  ================ Scan MBR ==================================
20:33:41.0646 1132  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:33:42.0348 1132  \Device\Harddisk0\DR0 - ok
20:33:42.0348 1132  ================ Scan VBR ==================================
20:33:42.0363 1132  [ DDC7DAC6645BA0F136E2867A62CA5F90 ] \Device\Harddisk0\DR0\Partition1
20:33:42.0363 1132  \Device\Harddisk0\DR0\Partition1 - ok
20:33:42.0363 1132  ============================================================
20:33:42.0363 1132  Scan finished
20:33:42.0363 1132  ============================================================
20:33:42.0441 1408  Detected object count: 2
20:33:42.0441 1408  Actual detected object count: 2
20:34:08.0977 1408  AsusService ( UnsignedFile.Multi.Generic ) - skipped by user
20:34:08.0977 1408  AsusService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:34:08.0977 1408  UI Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:34:08.0977 1408  UI Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 22.10.2012 09:40

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

mcflash99 24.10.2012 18:53

Here is the ComboFix result:
Code:

ComboFix 12-10-24.02 - Owner 10/24/2012  19:23:59.1.2 - x86
Microsoft Windows 7 Starter  6.1.7601.1.1252.1.1033.18.1015.382 [GMT 2:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Trend Micro Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Trend Micro Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((((  Files Created from 2012-09-24 to 2012-10-24  )))))))))))))))))))))))))))))))
.
.
2012-10-24 17:42 . 2012-10-24 17:43        --------        d-----w-        c:\users\Owner\AppData\Local\temp
2012-10-24 17:42 . 2012-10-24 17:42        --------        d-----w-        c:\users\Owner2\AppData\Local\temp
2012-10-24 17:42 . 2012-10-24 17:42        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-10-19 15:19 . 2012-10-19 15:19        --------        d-----w-        C:\_OTL
2012-10-19 09:19 . 2012-10-19 09:20        --------        d-----w-        c:\users\Owner2\AppData\Roaming\Apple Computer
2012-10-15 15:54 . 2012-08-10 23:56        542208        ----a-w-        c:\windows\system32\kerberos.dll
2012-10-15 15:54 . 2012-06-02 04:36        1159680        ----a-w-        c:\windows\system32\crypt32.dll
2012-10-15 15:54 . 2012-06-02 04:36        140288        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-10-15 15:54 . 2012-06-02 04:36        103936        ----a-w-        c:\windows\system32\cryptnet.dll
2012-10-15 15:33 . 2012-08-30 17:12        3914096        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-10-15 15:33 . 2012-08-30 17:12        3968880        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-10-07 01:38 . 2012-10-07 01:38        --------        d-----w-        c:\users\Owner\AppData\Local\Macromedia
2012-10-04 18:42 . 2012-10-04 18:42        --------        d-----w-        c:\users\Owner\AppData\Roaming\Avira
2012-10-04 17:38 . 2012-10-04 17:38        696240        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-10-04 17:36 . 2012-10-04 17:36        --------        d-----w-        c:\users\Owner\AppData\Roaming\Apple Computer
2012-10-02 15:41 . 2012-10-02 15:41        --------        d-----w-        c:\programdata\Apple Computer
2012-09-26 13:56 . 2012-09-26 13:56        --------        d-----w-        c:\program files\ESET
2012-09-26 13:51 . 2012-09-26 13:51        --------        d-----w-        c:\users\Owner2\AppData\Roaming\Avira
2012-09-26 13:44 . 2012-09-07 18:26        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-09-26 13:44 . 2012-09-07 18:26        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-09-26 13:44 . 2012-09-07 18:26        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-09-26 13:44 . 2012-09-26 13:44        --------        d-----w-        c:\programdata\Avira
2012-09-26 13:44 . 2012-09-26 13:44        --------        d-----w-        c:\program files\Avira
2012-09-26 10:42 . 2012-05-04 09:59        514560        ----a-w-        c:\windows\system32\qdvd.dll
2012-09-26 10:37 . 2012-08-21 20:12        245760        ----a-w-        c:\windows\system32\OxpsConverter.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-04 17:38 . 2011-07-10 05:42        73136        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-23 19:09 . 2012-09-23 19:10        477168        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-09-23 19:09 . 2010-09-17 06:57        473072        ----a-w-        c:\windows\system32\deployJava1.dll
2012-09-07 15:04 . 2012-09-23 19:00        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-08-24 06:59 . 2012-09-23 19:44        1800704        ----a-w-        c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-23 19:44        1129472        ----a-w-        c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-23 19:44        1427968        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-23 19:44        142848        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-23 19:44        420864        ----a-w-        c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-23 19:44        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-08-22 17:16 . 2012-09-23 19:22        1292144        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-23 19:22        712048        ----a-w-        c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-23 19:22        240496        ----a-w-        c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-23 19:22        187760        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-02 16:57 . 2012-09-23 19:21        490496        ----a-w-        c:\windows\system32\d3d10level9.dll
2012-07-29 03:26 . 2011-10-17 18:58        136672        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"HotKeyMon"="AsusSender.exe" [2009-09-11 33768]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-11-17 414384]
"LiveUpdate"="AsusSender.exe" [2009-09-11 33768]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Security\VizorHtmlDialog.exe" [2009-10-14 628016]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2009-10-14 116008]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"OOBESetup"="c:\program files\asus\OOBERegBackup\OOBERegBackup.exe" [2009-09-30 338096]
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-02-08 2429]
"UIExec"="c:\program files\Mobile Partner Manager\UIExec.exe" [2009-12-02 132096]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-07 348664]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37        843712        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-04 06:51        37296        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2011-05-13 14:03        4283256        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-07-25 20:53        7601880        ----a-w-        c:\users\Owner\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-04-26 09:32        296056        ----a-w-        c:\program files\Real\RealPlayer\Update\realsched.exe
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 UI Assistant Service;UI Assistant Service;c:\program files\Mobile Partner Manager\AssistantServices.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [x]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-26 09:24]
.
2012-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-26 09:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.0.1
DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} - hxxp://www.pixum.de/apps/EasyUploadX.cab
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.gmx.de/
FF - ExtSQL: 2012-09-23 21:10; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
  89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
  1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{22BF413B-C6D2-4D91-82A9-A0F997BA588C}"=hex:51,66,7a,6c,4c,1d,38,12,55,42,ac,
  26,e0,88,ff,08,fd,bf,e3,b9,92,e4,1c,98
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
  72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
  94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
  9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
  d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{D381FF29-7CFB-4D4E-B92A-C4EDDC696614}"=hex:51,66,7a,6c,4c,1d,38,12,47,fc,92,
  d7,c9,32,20,08,c6,3c,87,ad,d9,37,22,00
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
  df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
  fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
  b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:f1,27,e1,61,68,e0,cc,01
.
[HKEY_USERS\S-1-5-21-782359419-2307183593-61034220-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-782359419-2307183593-61034220-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-24  19:48:10
ComboFix-quarantined-files.txt  2012-10-24 17:48
.
Pre-Run: 69,017,518,080 bytes free
Post-Run: 68,687,593,472 bytes free
.
- - End Of File - - 0FE4792C736E92E8DE76FA9873AD3E0E


cosinus 24.10.2012 20:14

Code:

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Trend Micro Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}

Sorry, that is a no-go. Sooner or later they will get in each other's way.
Uninstall one of the two immediately!

mcflash99 25.10.2012 17:53

I tried to uninstall Trend Micro. After the uninstaller and the diagnostic tool did not help, I deleted the registry entries by hand following this guide:
hxxp://esupport.trendmicro.com/Pages/How-do-I-remove-old-or-new-versions-of-Trend-Micro-products-in-my-comp.aspx

I hope that it is gone now, but unfortunately it is still listed in the Control Panel's software list :/

Best regards,
mcflash99

cosinus 25.10.2012 21:17

Does this help? => How to uninstall Trend Micro Internet Security 2010

mcflash99 26.10.2012 16:42

No, in my case the Diagnostic Toolkit is not included. But I downloaded it and tried with that. I hope that after deleting the registry entries the thing is at least no longer active.

cosinus 26.10.2012 21:51

OK, one check please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box for Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

Please post everything in CODE tags here where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

mcflash99 27.10.2012 11:49

Here is the OTL.txt:
Code:

OTL logfile created on: 10/27/2012 10:46:01 AM - Run 5
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Owner\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1015.24 Mb Total Physical Memory | 392.68 Mb Available Physical Memory | 38.68% Memory free
1.99 Gb Paging File | 1.27 Gb Available in Paging File | 64.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.03 Gb Total Space | 63.68 Gb Free Space | 45.80% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe ()
PRC - C:\Program Files\Mobile Partner Manager\AssistantServices.exe ()
PRC - C:\Program Files\Mobile Partner Manager\UIExec.exe ()
PRC - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
PRC - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Trend Micro\Security\VizorHtmlDialog.exe (Trend Micro Inc.)
PRC - C:\Program Files\ASUS\Game Park\GameConsole\OberonGameConsoleService.exe ()
PRC - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (Boingo Wireless, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mobile Partner Manager\UIExec.exe ()
MOD - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
MOD - C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll ()
MOD - C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (UI Assistant Service) -- C:\Program Files\Mobile Partner Manager\AssistantServices.exe ()
SRV - (OberonGameConsoleService) -- C:\Program Files\ASUS\Game Park\GameConsole\OberonGameConsoleService.exe ()
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\Owner\AppData\Local\Temp\catchme.sys File not found
DRV - (btwrchid) -- C:\windows\system32\DRIVERS\btwrchid.sys File not found
DRV - (btwl2cap) -- system32\DRIVERS\btwl2cap.sys File not found
DRV - (btwavdt) -- C:\windows\system32\DRIVERS\btwavdt.sys File not found
DRV - (btwaudio) -- system32\drivers\btwaudio.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/result.htm?q={searchTerms}&SearchMashine=true
IE - HKU\S-1-5-21-782359419-2307183593-61034220-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..plasmoo.search.engine.prevkeywordurl: "data:text/plain,keyword.URL=hxxp://go.gmx.net/br/moz4_keyurl_search/?su="
FF - prefs.js..plasmoo.search.engine.prevsearchdefaultenginename: "data:text/plain,browser.search.defaultenginename=GMX Suche"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.3.37: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.3.37: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.3.37: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.3.37: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.3.37: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/26 11:34:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/02 17:42:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/02 17:42:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/02 17:42:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/02 17:42:30 | 000,000,000 | ---D | M]
 
[2010/02/19 23:00:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2012/10/07 03:39:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\extensions
[2011/04/29 12:54:49 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/10/16 13:32:49 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\extensions\DivXWebPlayer@divx.com.xpi
[2012/10/07 03:39:01 | 000,493,426 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gg4vr7eb.default\extensions\toolbar@gmx.net.xpi
[2012/10/24 21:42:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/23 21:10:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/24 21:42:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2011/10/17 20:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/10/17 20:57:57 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
[2012/07/29 05:26:05 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/05/17 21:48:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/05/17 21:48:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/17 21:48:58 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/05/17 21:48:58 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/05/17 21:48:58 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/05/17 21:48:58 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\windows\system32\npdeployJava1.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
 
O1 HOSTS File: ([2012/10/24 19:42:57 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (ASUS Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\ASUS\SystemSetting\StarterHelper.dll (ASUSTeK Computer Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [HotKeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Mobile Partner Manager\UIExec.exe ()
O4 - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Security\VizorHtmlDialog.exe (Trend Micro Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-782359419-2307183593-61034220-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-782359419-2307183593-61034220-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-782359419-2307183593-61034220-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-782359419-2307183593-61034220-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} hxxp://www.pixum.de/apps/EasyUploadX.cab (Pixum EasyUploadX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38B2D3DF-952F-4C07-A567-A559EC1145D5}: DhcpNameServer = 62.179.104.196 213.46.228.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7F131BC-7F3C-45CE-8059-189F353EEE76}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/10/25 18:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2012/10/24 21:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/10/24 21:42:18 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2012/10/24 21:42:18 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2012/10/24 21:42:18 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2012/10/24 19:48:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/24 19:48:13 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/10/24 19:48:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2012/10/24 19:18:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/10/24 19:18:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/10/24 19:18:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/10/24 19:17:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/24 19:13:40 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/10/24 19:11:43 | 004,989,133 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/10/21 20:28:59 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2012/10/19 17:19:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/17 17:20:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/10/15 17:55:49 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\conhost.exe
[2012/10/15 17:55:49 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsrv.dll
[2012/10/15 17:55:48 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/10/15 17:55:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/15 17:55:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/15 17:55:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/10/15 17:55:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/10/15 17:55:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/15 17:55:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/15 17:55:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/15 17:55:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/10/15 17:55:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/15 17:55:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/15 17:55:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/10/15 17:55:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/10/15 17:55:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/15 17:55:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/10/15 17:55:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/10/15 17:55:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/10/15 17:55:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/15 17:55:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/15 17:55:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/15 17:55:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/10/15 17:55:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/15 17:55:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/15 17:55:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/10/15 17:55:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/15 17:55:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/10/15 17:55:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/10/15 17:55:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/10/15 17:55:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2012/10/15 17:33:59 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2012/10/15 17:33:58 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2012/10/07 03:38:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Macromedia
[2012/10/04 20:42:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Avira
[2012/10/04 19:38:07 | 000,696,240 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/10/04 19:36:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Apple Computer
[2012/10/02 17:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/10/02 17:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/10/02 17:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/27 10:50:45 | 000,010,000 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/27 10:50:45 | 000,010,000 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/27 10:42:53 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/27 10:42:36 | 000,016,384 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2012/10/27 10:42:25 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/10/25 18:30:57 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/24 19:42:57 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/10/24 19:11:47 | 004,989,133 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/10/21 20:29:02 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2012/10/17 17:20:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/10/14 16:04:56 | 000,538,941 | ---- | M] () -- C:\Users\Owner\Desktop\adwcleaner.exe
[2012/10/09 18:11:41 | 000,002,316 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/10/04 19:38:07 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/10/04 19:38:06 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2012/10/24 19:18:08 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/10/24 19:18:08 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/10/24 19:18:08 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/10/24 19:18:08 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/10/24 19:18:08 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/10/14 16:04:54 | 000,538,941 | ---- | C] () -- C:\Users\Owner\Desktop\adwcleaner.exe
[2011/07/23 17:59:31 | 000,003,429 | ---- | C] () -- C:\Users\Owner\.recently-used.xbel
[2010/05/23 20:30:57 | 000,102,400 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/24 01:49:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

And here is the Extras.txt:
Code:

OTL Extras logfile created on: 10/27/2012 10:46:01 AM - Run 5
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Owner\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1015.24 Mb Total Physical Memory | 392.68 Mb Available Physical Memory | 38.68% Memory free
1.99 Gb Paging File | 1.27 Gb Available in Paging File | 64.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.03 Gb Total Space | 63.68 Gb Free Space | 45.80% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-782359419-2307183593-61034220-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E0C9825-4492-4548-896B-9F5B13064970}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3167E04F-D3A2-4E26-986F-5A99B3AAF8EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3D7782A9-B0EE-4A00-9E15-BEB85DA29694}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8636BE16-D59C-46E8-86A4-2A02E851639E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1547F399-DDF5-4551-BDEB-EC44978BA602}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{25F04ED5-07BB-49A9-8D05-8521409621C5}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{5A4497D6-292D-477A-9BFE-26ADC09EA29C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{647945A7-8F04-4F46-A0E3-5D43CB35A648}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{757BA310-092D-4025-AF21-4C80B2CB5595}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{97F51DE7-3E11-41F8-A8CB-6D8CD76DCA1E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BF8E8399-CCA2-4356-8723-9F174B57EF04}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CF4295A2-B186-4045-B033-B2B66665B5BD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{9653669D-C487-4772-B191-D4AF40057C3D}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{A6DA25D5-A45F-4BDE-AD44-B43D534D81C1}C:\users\owner\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
"UDP Query User{80CB232E-0AF1-45A8-A53A-8185C333A664}C:\users\owner\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
"UDP Query User{C92B09FB-5BAE-43E7-B58E-6CE8808DE558}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{470F98FC-4831-4ACB-9A8C-D114ED27C120}" = LocaleMe
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_OMUI.nl-nl_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_OMUI.nl-nl_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0017-040C-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (French) 2007
"{90120000-0017-040C-0000-0000000FF1CE}_OMUI.fr-fr_{879D8136-C3A7-4A13-A8F4-309467087372}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0017-0410-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Italian) 2007
"{90120000-0017-0410-0000-0000000FF1CE}_OMUI.it-it_{7B241DBB-A985-46B4-866B-DD59E0284032}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0017-0413-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Dutch) 2007
"{90120000-0017-0413-0000-0000000FF1CE}_OMUI.nl-nl_{4CF3DDE3-7CC3-46C5-989F-A72422CB5DCB}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_OMUI.nl-nl_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_OMUI.nl-nl_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_OMUI.nl-nl_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_OMUI.nl-nl_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_OMUI.fr-fr_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.fr-fr_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.it-it_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.nl-nl_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.fr-fr_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.it-it_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.nl-nl_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.fr-fr_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.it-it_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.nl-nl_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.it-it_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_OMUI.fr-fr_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}_OMUI.nl-nl_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_OMUI.fr-fr_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2007
"{90120000-0044-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2007
"{90120000-0044-0413-0000-0000000FF1CE}_OMUI.nl-nl_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_OMUI.fr-fr_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_OMUI.it-it_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_OMUI.nl-nl_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
"{90120000-00A1-0413-0000-0000000FF1CE}_OMUI.nl-nl_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2007
"{90120000-00BA-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2007
"{90120000-00BA-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2007
"{90120000-00BA-0413-0000-0000000FF1CE}_OMUI.nl-nl_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-040C-0000-0000000FF1CE}" = Microsoft Office O MUI (French) 2007
"{90120000-0100-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0410-0000-0000000FF1CE}" = Microsoft Office O MUI (Italian) 2007
"{90120000-0100-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0413-0000-0000000FF1CE}" = Microsoft Office O MUI (Dutch) 2007
"{90120000-0100-0413-0000-0000000FF1CE}_OMUI.nl-nl_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-040C-0000-0000000FF1CE}" = Microsoft Office X MUI (French) 2007
"{90120000-0101-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0410-0000-0000000FF1CE}" = Microsoft Office X MUI (Italian) 2007
"{90120000-0101-0410-0000-0000000FF1CE}_OMUI.it-it_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0413-0000-0000000FF1CE}" = Microsoft Office X MUI (Dutch) 2007
"{90120000-0101-0413-0000-0000000FF1CE}_OMUI.nl-nl_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Partner Manager
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Security
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.0 MUI
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B653A2EC-D816-4498-A4FD-651047AB9DC9}" = Boingo Wi-Fi
"{BB5E5F87-E939-4974-A006-2B4A2F60EEA3}_is1" = Game Park Console
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E680BB35-F552-4B28-BE4F-8E7CE515636F}" = Octava SD4
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FAD8718D-950E-468D-BDE2-17D4D6F1EA6A}" = FontResizer
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS VIBE" = ASUS VIBE
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Eee Docking_is1" = Eee Docking 3.6.0
"ESET Online Scanner" = ESET Online Scanner v3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.20.423
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"OMUI.fr-fr" = Microsoft Office Language Pack 2007 - French/Français
"OMUI.it-it" = Microsoft Office Language Pack 2007 - Italian/Italiano
"OMUI.nl-nl" = Microsoft Office Language Pack 2007 - Dutch/Nederlands
"OOBERegBackup_is1" = OOBERegBackup
"RealPlayer 15.0" = RealPlayer
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.9
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemSetting_is1" = SystemSetting
"Uninstall_is1" = Uninstall 1.0.0.1
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-782359419-2307183593-61034220-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/31/2012 4:44:37 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 7040
Description =
 
Error - 7/31/2012 4:44:37 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 7042
Description =
 
Error - 7/31/2012 4:44:37 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 9002
Description =
 
Error - 7/31/2012 4:44:37 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3029
Description =
 
Error - 7/31/2012 4:44:41 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3029
Description =
 
Error - 7/31/2012 4:44:41 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3028
Description =
 
Error - 7/31/2012 4:44:41 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 3058
Description =
 
Error - 7/31/2012 4:44:41 PM | Computer Name = Owner-PC | Source = Windows Search Service | ID = 7010
Description =
 
Error - 7/31/2012 4:46:13 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AcroRd32Info.exe, version: 9.5.0.270, time
 stamp: 0x4f032a77  Faulting module name: AcroRd32.dll, version: 9.5.0.270, time stamp:
 0x4f03ee44  Exception code: 0xc0000005  Fault offset: 0x00035bd8  Faulting process id:
 0xe5c  Faulting application start time: 0x01cd6f5d23da0dee  Faulting application path:
 C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe  Faulting module path:
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.dll  Report Id: c3c01690-db50-11e1-96b8-e0cb4e40d7fd
 
Error - 9/23/2012 2:54:19 PM | Computer Name = Owner-PC | Source = ESENT | ID = 215
Description = WinMail (2756) WindowsMail0: The backup has been stopped because it
 was halted by the client or the connection with the client failed.
 
[ OSession Events ]
Error - 7/20/2010 3:14:30 AM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 34
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 10/25/2012 12:44:46 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
Description =
 
Error - 10/25/2012 12:44:46 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
Description =
 
Error - 10/25/2012 12:46:51 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
  AsUpIO  avipbb  avkmgr  cdrom  discache  spldr  ssmdrv  Wanarpv6
 
Error - 10/25/2012 12:46:58 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
Description =
 
Error - 10/25/2012 12:47:07 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
Description =
 
Error - 10/25/2012 12:47:14 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
Description =
 
Error - 10/25/2012 12:47:14 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
Description =
 
Error - 10/25/2012 12:50:24 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
  cdrom
 
Error - 10/26/2012 11:39:19 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
  cdrom
 
Error - 10/27/2012 4:43:34 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
  cdrom
 
 
< End of report >


cosinus 27.10.2012 19:48

Looks OK. We should be almost done. As a check, please run scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

mcflash99 31.10.2012 07:53

Malwarebytes:
Code:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.30.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

10/30/2012 6:48:19 PM
mbam-log-2012-10-30 (18-48-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222189
Time elapsed: 19 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

And SuperAntiSpyWare:
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/30/2012 at 11:56 PM

Application Version : 5.6.1012

Core Rules Database Version : 9498
Trace Rules Database Version: 7310

Scan type      : Complete Scan
Total Scan Time : 03:26:36

Operating System Information
Windows 7 Starter 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 579
Memory threats detected  : 0
Registry items scanned    : 37964
Registry threats detected : 0
File items scanned        : 124405
File threats detected    : 223

Adware.Tracking Cookie

I haven't killed the threats for now.

Best regards,
mcflash99

cosinus 31.10.2012 18:28

Looks OK, only cookies were found there; they can all go.
Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP cookie)

Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system OK again now, or are there any other findings or problems?
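
An added example, not part of the thread and not code from SUPERAntiSpyware or MVPS: a Python script that performs the triage described in the post above on a SUPERAntiSpyware log (are all detections tracking cookies, and does the number of listed entries match the summary?) and separates exact cookie hosts, which a hosts file can block, from domain-scoped ones with a leading dot, which it cannot match because hosts files have no wildcards. The sample log, its hosts and the `0.0.0.0` sink address are constructed assumptions.

```python
import re
from collections import Counter

COOKIE_CATEGORY = "Adware.Tracking Cookie"

# Constructed sample in the layout of the SUPERAntiSpyware log in this thread;
# every host and path below is invented for the example.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log

Memory threats detected  : 0
Registry threats detected : 0
File threats detected    : 5

Adware.Tracking Cookie
        C:\USERS\EXAMPLE\AppData\Roaming\Microsoft\Windows\Cookies\Low\example@tracker[1].txt [ Cookie:example@tracker.example/path/ ]
        .ads.example [ C:\USERS\EXAMPLE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .ads.example [ C:\USERS\EXAMPLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XXXXXXXX.DEFAULT\COOKIES.SQLITE ]
        track.metrics.example [ C:\USERS\EXAMPLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XXXXXXXX.DEFAULT\COOKIES.SQLITE ]
        track.metrics.example [ C:\USERS\EXAMPLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XXXXXXXX.DEFAULT\COOKIES.SQLITE ]
"""

COUNT_RE = re.compile(r"^(Memory|Registry|File) threats detected\s*:\s*(\d+)\s*$")
ENTRY_RE = re.compile(r"^(?P<left>.+?) \[ (?P<right>.+) \]$")


def parse_sas_log(text):
    """Return (declared counts per scan area, list of (category, host, location))."""
    declared, detections, category = {}, [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        count = COUNT_RE.match(line)
        if count:
            declared[count.group(1)] = int(count.group(2))
            continue
        if not line[0].isspace():
            # Unindented line: remember it as the heading for the entries below it.
            category = line.strip()
            continue
        if category is None:
            continue
        host, location = None, line.strip()
        entry = ENTRY_RE.match(location)
        if entry:
            left, right = entry.group("left"), entry.group("right")
            if right.startswith("Cookie:"):
                # IE layout: cookie file path first, "Cookie:user@host/path" in brackets.
                host = right[len("Cookie:"):].split("@", 1)[-1].split("/", 1)[0]
                location = left
            else:
                # Chrome/Firefox layout: cookie host first, cookie store in brackets.
                host, location = left, right
        detections.append((category, host.lower() if host else None, location))
    return declared, detections


def triage(declared, detections):
    """Summarise the log the way a helper reads it: what was found, and is it only cookies?"""
    by_category = Counter(cat for cat, _, _ in detections)
    hosts = {h for cat, h, _ in detections if cat == COOKIE_CATEGORY and h}
    return {
        "by_category": dict(by_category),
        "cookies_only": bool(detections) and set(by_category) == {COOKIE_CATEGORY},
        # A mismatch means the posted log is truncated or was parsed incompletely.
        "counts_match": sum(declared.values()) == len(detections),
        # Exact hostnames can be listed in a hosts file as they are.
        "exact_hosts": sorted(h for h in hosts if not h.startswith(".")),
        # Leading dot: cookie scoped to a domain and its subdomains; a hosts file
        # has no wildcards, so each subdomain would need its own line.
        "domain_scoped": sorted(h for h in hosts if h.startswith(".")),
    }


def hosts_file_lines(exact_hosts, sink="0.0.0.0"):
    """Format hosts-file lines; the sink address is an assumption of this example."""
    return [f"{sink} {host}" for host in exact_hosts]


if __name__ == "__main__":
    declared, detections = parse_sas_log(SAMPLE_LOG)
    report = triage(declared, detections)
    for key, value in report.items():
        print(f"{key}: {value}")
    print("\n".join(hosts_file_lines(report["exact_hosts"])))
```
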

mcflash99 31.10.2012 18:44

No, I'm not aware of any further problems.

Thank you very, very much for the great help!!

cosinus 31.10.2012 19:48

Then we're done! :abklatsch:

The programs that were used here can all be removed again. With the help of OTL you can also remove many of the tools:

Please start OTL and click on Cleanup.
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide to this is below. To keep a better overview of how up to date the installed programs are in future, you can use e.g. Secunia PSI.
For even more security, you should also change all passwords, if possible, after the infection has been removed.


Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Add or Remove Programs or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed).

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

On this occasion, please also check that the Flash Player is up to date:
Check => Adobe - Flash Player
You can find download links here => Browsers and Plugins - FilePony.de

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs, and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

mcflash99 05.11.2012 17:26

Great, thanks again for all the tips, also on behalf of the laptop's owner!

Malwarebytes will definitely stay installed and (hopefully) be used regularly.

:daumenhoc:daumenhoc:daumenhoc

